Proxy settings keep changing - am I infected?


  • This topic is locked
2 replies to this topic

#1 Inchnotfoot

Posted 11 July 2015 - 09:58 AM

I am running Windows 8.1 on my custom PC, and I have recently started noticing that some websites refuse to load. I found that this is due to proxy settings being enabled. I thought this might have been because of the fact that my laptop, which I take to school, has proxy enabled (for school WiFi), which could be using my setting from there. I am not sure if this can happen, but I assumed that Chrome was using my old settings.

Basically, every time I try to turn proxy off it turns back on within a matter of seconds. This is very annoying as I can't access some websites.
I have tried to change the setting in regedit but that just reverted back.
I ran Malwarebytes but nothing was discovered.
I ran RogueKiller, which found some proxy virus but gave "error(2)" when trying to delete them.
I removed any dodgy programs and startup processes.

Other than that, I am completely hopeless for what to do. If someone could help, it would be very much appreciated.
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by Windows 7 User (administrator) on WINDOWS7USER-PC on 11-07-2015 15:09:26
Running from C:\Users\Windows 7 User\Desktop
Loaded Profiles: Windows 7 User (Available Profiles: Windows 7 User & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files (x86)\Loca\bin\LocaProxy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
() C:\Program Files (x86)\Loca\bin\LocaProxyTracker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Windows 7 User\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\Run: [uTorrent] => C:\Users\Windows 7 User\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-25] (BitTorrent Inc.)
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\Run: [BitTorrent] => C:\Users\Windows 7 User\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104 2015-05-16] (BitTorrent Inc.)
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\Run: [Spotify Web Helper] => C:\Users\Windows 7 User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-07-03] (Spotify Ltd)
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\Run: [Spotify] => C:\Users\Windows 7 User\AppData\Roaming\Spotify\Spotify.exe [7415864 2015-07-03] (Spotify Ltd)
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\Run: [GoogleChromeAutoLaunch_EAB5EC3DD1D73EAB35FD76620F16746E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\MountPoints2: G - "G:\Setup.exe" 
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\MountPoints2: H - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\MountPoints2: {5ff8d04e-af8f-11e4-82cc-60a44c31d10d} - "E:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\MountPoints2: {5ff8d0be-af8f-11e4-82cc-60a44c31d10d} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\MountPoints2: {f8f766f8-86a3-11e4-82ae-60a44c31d10d} - "G:\HTC_Sync_Manager_PC.exe" 
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-07-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1329359427-3663264040-3807462144-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1329359427-3663264040-3807462144-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0
HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-05-01] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-17] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-17] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AF6B7A33-E2E9-47FE-A113-CDB85FD28A34}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Windows 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\6sqepnud.default
FF SearchEngineOrder.1: 
FF SelectedSearchEngine: 
FF Keyword.URL: 
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-1329359427-3663264040-3807462144-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Windows 7 User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-03-28]
FF HKU\S-1-5-21-1329359427-3663264040-3807462144-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezi) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg [2015-05-23]
CHR Extension: (Duolingo on the Web) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-05-23]
CHR Extension: (Google Drive) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Google Cast) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-07]
CHR Extension: (OneNote Online) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciniambnphakdoflgeamacamhfllbkmo [2015-05-23]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-05-23]
CHR Extension: (Google Search) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-03-28]
CHR Extension: (JavaScript Editor) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhkeonpomkliaedmafeniofidolfmdd [2015-05-23]
CHR Extension: (Word Online) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2015-05-23]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-05-27]
CHR Extension: (AdBlock) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-30]
CHR Extension: (Excel Online) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2015-05-23]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2014-08-04]
CHR Extension: (Typist) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobjdokbkdhnelgogpoompgojjmgnejn [2015-05-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-12]
CHR Extension: (PowerPoint Online) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2015-05-23]
CHR Extension: (Google Classroom) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2015-05-23]
CHR Extension: (Sunrise Calendar) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-05-23]
CHR Extension: (OneDrive) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-05-23]
CHR Extension: (Quento) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nimiaepladfnjnkflgicmageogpmcneg [2015-05-23]
CHR Extension: (Google Wallet) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (TypingClub) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2015-05-23]
CHR Extension: (Kifi) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\onjcefmjokhplckpacodglibhjiplgda [2015-05-23]
CHR Extension: (Khan Academy) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2015-05-23]
CHR Extension: (Outlook.com) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-05-23]
CHR Profile: C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05]
CHR Extension: (Google Drive) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-05]
CHR Extension: (YouTube) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-05]
CHR Extension: (Google Search) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-07-05]
CHR Extension: (Boxopus) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdifjpojafakgbdkfephddpkjejincan [2015-07-05]
CHR Extension: (mysms - SMS from Computer) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb [2015-07-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-10]
CHR Extension: (Google Wallet) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05]
CHR Extension: (Coding the Web) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbinfbikhndabcdlabpcbhggkcdakgfg [2015-07-05]
CHR Extension: (Gmail) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05]
CHR Extension: (Inbox by Gmail) - C:\Users\Windows 7 User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-07-05]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path Or update_url value
 
Opera: 
=======
OPR Extension: (AdBlock) - C:\Users\Windows 7 User\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2015-02-28]
OPR Extension: (Google Cast) - C:\Users\Windows 7 User\AppData\Roaming\Opera Software\Opera Stable\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-07]
OPR Extension: (Google Cast (Beta)) - C:\Users\Windows 7 User\AppData\Roaming\Opera Software\Opera Stable\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2015-02-07]
OPR Extension: (Download Chrome Extension) - C:\Users\Windows 7 User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2015-02-07]
OPR Extension: (Adblock Plus) - C:\Users\Windows 7 User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-09-28]
OPR Extension: (Google Translate) - C:\Users\Windows 7 User\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcfaommkmdjacdkbaoohklbccfmbnnod [2014-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [173792 2015-03-28] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-14] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-08-13] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 SgamingkbFltr; C:\Windows\system32\drivers\GKS16Fltr.sys [14848 2011-12-20] (LXD Development, Inc.)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-11] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 15:09 - 2015-07-11 15:10 - 00028841 _____ C:\Users\Windows 7 User\Desktop\FRST.txt
2015-07-11 15:09 - 2015-07-11 15:10 - 00000974 _____ C:\Users\Windows 7 User\Desktop\sf.txt
2015-07-11 14:40 - 2015-07-11 14:52 - 00000000 ____D C:\AdwCleaner
2015-07-11 14:40 - 2015-07-11 14:40 - 02248704 _____ C:\Users\Windows 7 User\Downloads\adwcleaner_4.208.exe
2015-07-11 14:39 - 2015-07-11 14:40 - 05633250 _____ (Swearware) C:\Users\Windows 7 User\Downloads\ComboFix.exe
2015-07-11 14:39 - 2015-07-11 14:39 - 03034850 _____ (Malwarebytes Corporation) C:\Users\Windows 7 User\Downloads\JRT.exe
2015-07-11 02:12 - 2015-07-11 02:12 - 00062809 _____ C:\Users\Windows 7 User\Downloads\Addition.txt
2015-07-11 02:11 - 2015-07-11 02:12 - 00052572 _____ C:\Users\Windows 7 User\Downloads\FRST.txt
2015-07-11 01:57 - 2015-07-11 01:57 - 00000000 ____D C:\Users\Windows 7 User\Downloads\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]
2015-07-11 01:42 - 2015-07-11 15:09 - 00000000 ____D C:\FRST
2015-07-11 01:42 - 2015-07-11 02:12 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-07-11 01:42 - 2015-07-11 01:52 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-11 01:42 - 2015-07-11 01:42 - 02112512 _____ (Farbar) C:\Users\Windows 7 User\Desktop\FRST64.exe
2015-07-11 01:41 - 2015-07-11 01:41 - 18070088 _____ C:\Users\Windows 7 User\Downloads\RogueKiller.exe
2015-07-11 01:05 - 2015-07-11 01:05 - 00000000 ____D C:\Users\Windows 7 User\Documents\Freemake
2015-07-11 01:01 - 2015-07-11 01:01 - 00002822 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-07-11 01:01 - 2015-07-11 01:01 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-11 01:01 - 2015-07-11 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-11 01:00 - 2015-07-11 01:01 - 00000000 ____D C:\Program Files\CCleaner
2015-07-11 00:57 - 2015-07-11 00:58 - 06565352 _____ (Piriform Ltd) C:\Users\Windows 7 User\Downloads\ccsetup507pro.exe
2015-07-05 18:05 - 2015-07-05 18:05 - 08180736 _____ C:\Users\Windows 7 User\Downloads\chromeremotedesktophost.msi
2015-07-05 12:43 - 2015-07-05 12:43 - 00691960 _____ C:\Users\Windows 7 User\Desktop\The Perfect Graphical Setup_ - Skyrim Mods - Week 137.mp4.sfk
2015-07-05 12:17 - 2015-07-05 12:17 - 00000000 _____ C:\Users\Windows 7 User\Desktop\ei.txt
2015-07-05 11:41 - 2015-07-05 11:41 - 16973081 _____ C:\Users\Windows 7 User\Downloads\HandBrake-0.10.2-x86_64-Win_GUI.exe
2015-07-05 10:50 - 2015-07-05 10:50 - 00002624 _____ C:\Users\Windows 7 User\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-07-05 10:50 - 2015-07-05 10:50 - 00000000 ____D C:\Users\Windows 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-07-05 10:50 - 2015-07-05 10:50 - 00000000 ____D C:\Users\Windows 7 User\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-07-05 10:49 - 2015-07-05 10:49 - 02721168 _____ (Microsoft Corporation) C:\Users\Windows 7 User\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2015-07-05 00:27 - 2015-07-05 01:27 - 3900907520 ____R C:\Users\Windows 7 User\Downloads\Windows_8.1_Pro_X64_Activated.iso
2015-07-05 00:10 - 2015-07-11 01:03 - 00000000 ____D C:\WINDOWS\pss
2015-07-04 22:39 - 2013-07-26 15:07 - 00827096 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2015-07-04 22:39 - 2013-07-26 15:07 - 00074456 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-07-04 17:26 - 2015-07-04 17:26 - 01483336 _____ (Microsoft Corporation) C:\Users\Windows 7 User\Downloads\mediacreationtool.exe
2015-07-04 17:22 - 2015-07-04 17:31 - 212576458 _____ C:\Users\Windows 7 User\Downloads\Windows 8 X64.zip
2015-06-28 14:28 - 2015-06-28 14:35 - 188160178 _____ C:\Users\Windows 7 User\Documents\Ultimate £300 Home Server.mp4
2015-06-28 14:23 - 2015-06-28 14:23 - 00000000 ____D C:\ProgramData\TEMP
2015-06-28 14:22 - 2015-06-28 14:23 - 05403264 _____ (Dll-Files.com ) C:\Users\Windows 7 User\Downloads\dff_rbno-amtlib.exe
2015-06-28 14:20 - 2015-06-28 14:21 - 01004399 _____ C:\Users\Windows 7 User\Downloads\amtlib.zip
2015-06-28 12:58 - 2015-07-11 14:31 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-28 12:58 - 2015-07-05 10:52 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-28 12:58 - 2015-07-05 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-28 12:57 - 2015-07-05 10:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-28 12:57 - 2015-06-28 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-28 12:57 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-28 12:57 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-28 12:57 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-28 12:56 - 2015-06-28 12:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Windows 7 User\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-27 19:01 - 2015-06-28 09:59 - 00000000 ____D C:\Users\Windows 7 User\Downloads\Ex Machina (2015) [1080p]
2015-06-27 19:00 - 2015-06-27 19:00 - 00017315 _____ C:\Users\Windows 7 User\Downloads\ex-machina-2015-1080p.torrent
2015-06-27 18:58 - 2015-06-28 10:02 - 00000000 ____D C:\Users\Windows 7 User\Downloads\Codebreaker (2011) [1080p]
2015-06-27 18:58 - 2015-06-27 18:58 - 00013285 _____ C:\Users\Windows 7 User\Downloads\codebreaker-2011-1080p.torrent
2015-06-27 18:54 - 2015-06-28 10:01 - 00000000 ____D C:\Users\Windows 7 User\Downloads\American Sniper (2014) [1080p]
2015-06-27 18:41 - 2015-06-27 18:41 - 00020645 _____ C:\Users\Windows 7 User\Downloads\american-sniper-2014-1080p.torrent
2015-06-27 18:35 - 2015-06-28 10:01 - 00000000 ____D C:\Users\Windows 7 User\Downloads\Paul Blart Mall Cop 2 (2015) [1080p]
2015-06-27 18:34 - 2015-06-27 23:35 - 00000000 ____D C:\Users\Windows 7 User\Downloads\The Grand Budapest Hotel (2014) [1080p]
2015-06-27 18:34 - 2015-06-27 18:34 - 00015281 _____ C:\Users\Windows 7 User\Downloads\paul-blart-mall-cop-2-2015-1080p.torrent
2015-06-27 18:33 - 2015-06-27 18:33 - 00015562 _____ C:\Users\Windows 7 User\Downloads\the-grand-budapest-hotel-2014-1080p.torrent
2015-06-14 01:13 - 2015-06-14 01:13 - 00000222 _____ C:\Users\Windows 7 User\Desktop\Metro Last Light Redux.url
2015-06-14 01:12 - 2015-06-14 01:12 - 00000219 _____ C:\Users\Windows 7 User\Desktop\Portal.url
2015-06-14 01:12 - 2015-06-14 01:12 - 00000195 _____ C:\Users\Windows 7 User\Desktop\Hotline Miami.url
2015-06-14 00:46 - 2015-06-14 00:46 - 00000875 _____ C:\Users\Windows 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-06-14 00:46 - 2015-06-14 00:46 - 00000827 _____ C:\Users\Windows 7 User\Desktop\Start Tor Browser.lnk
2015-06-14 00:44 - 2015-06-14 00:44 - 00000000 ____D C:\Users\Windows 7 User\Desktop\Tor Browser
2015-06-14 00:41 - 2015-06-14 00:43 - 35854880 _____ C:\Users\Windows 7 User\Downloads\torbrowser-install-4.5.1_en-US.exe
2015-06-12 23:57 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-12 23:57 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-12 23:57 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-12 23:57 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-12 23:57 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-12 23:57 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-12 23:57 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-12 23:57 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-12 23:57 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-12 23:57 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-12 23:57 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-12 23:57 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-12 23:57 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-12 23:57 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-12 23:57 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-12 23:57 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-12 23:57 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-12 23:57 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-12 23:57 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-12 23:57 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-12 23:57 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-12 23:57 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-12 23:57 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-12 23:57 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-12 23:57 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-12 23:57 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-12 23:57 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-12 23:57 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-12 23:57 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-12 23:57 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-12 23:57 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-12 23:57 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-12 23:57 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-12 23:57 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-12 23:57 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-12 23:57 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-12 23:57 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-12 23:57 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-12 23:57 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-12 23:57 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-12 23:57 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-12 23:57 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-12 23:57 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-12 23:57 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-12 23:57 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-12 23:57 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-12 23:57 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-12 23:57 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-12 23:57 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-12 23:57 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-12 23:57 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-12 23:57 - 2015-04-08 23:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-12 23:57 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-12 23:57 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-12 23:57 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-12 23:57 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-12 23:57 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-12 23:57 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-12 23:57 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-12 23:57 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-12 23:57 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-12 23:57 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-12 23:57 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-12 23:57 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-12 23:57 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-12 23:57 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-12 23:57 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-12 23:57 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-12 23:57 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-12 23:57 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-12 23:57 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-12 23:57 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-12 23:57 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-12 23:31 - 2015-06-12 23:31 - 00000000 ____D C:\Users\Windows 7 User\AppData\Roaming\3909
2015-06-12 22:05 - 2015-06-12 22:05 - 00000222 _____ C:\Users\Windows 7 User\Desktop\Papers, Please.url
2015-06-12 22:04 - 2015-06-12 22:04 - 00000221 _____ C:\Users\Windows 7 User\Desktop\Super Meat Boy.url
2015-06-12 22:04 - 2015-06-12 22:04 - 00000219 _____ C:\Users\Windows 7 User\Desktop\Half-Life 2.url
2015-06-12 18:32 - 2015-06-12 18:32 - 00000218 _____ C:\Users\Windows 7 User\Desktop\Half-Life.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 15:07 - 2015-02-13 19:47 - 00000000 ____D C:\Users\Windows 7 User\AppData\Roaming\BitTorrent
2015-07-11 15:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-11 14:46 - 2014-07-12 02:42 - 01747025 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-11 14:37 - 2014-07-12 02:55 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1329359427-3663264040-3807462144-1000
2015-07-11 14:36 - 2014-07-12 02:54 - 00003990 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0FACE3C9-4ADE-470C-A344-449449018FEA}
2015-07-11 14:33 - 2015-01-25 02:33 - 00097184 _____ C:\WINDOWS\system32\lvcoinst.log
2015-07-11 14:33 - 2014-07-12 03:02 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-11 14:32 - 2014-07-12 22:43 - 00166912 ___SH C:\Users\Windows 7 User\Desktop\Thumbs.db
2015-07-11 14:32 - 2014-07-12 02:52 - 00000000 ___DO C:\Users\Windows 7 User\SkyDrive
2015-07-11 14:31 - 2015-02-08 18:21 - 00000000 ____D C:\Users\Windows 7 User\AppData\Local\HTC MediaHub
2015-07-11 14:31 - 2014-07-12 03:02 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 14:27 - 2014-08-28 00:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-11 14:27 - 2013-08-22 15:46 - 00096483 _____ C:\WINDOWS\setupact.log
2015-07-11 14:27 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-11 02:18 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-11 01:21 - 2014-08-28 00:59 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-11 01:06 - 2014-07-26 22:30 - 00000000 ____D C:\Program Files (x86)\iExplorer
2015-07-11 01:05 - 2015-05-29 20:58 - 00000000 ____D C:\Users\Windows 7 User\AppData\Roaming\D-LAN
2015-07-11 01:05 - 2015-02-08 17:12 - 00000000 ____D C:\Program Files (x86)\HTC
2015-07-11 01:05 - 2014-07-16 07:20 - 00000000 ____D C:\ProgramData\Freemake
2015-07-11 01:05 - 2014-07-16 07:20 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-07-11 00:11 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-10 23:43 - 2014-12-31 14:56 - 00000000 ____D C:\Program Files (x86)\GameBuilderStudio
2015-07-10 23:41 - 2014-08-15 00:00 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-10 23:41 - 2014-08-14 19:57 - 00000000 ____D C:\Games
2015-07-10 23:29 - 2015-03-28 17:34 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-07-10 23:29 - 2015-03-28 17:34 - 00001644 _____ C:\WINDOWS\LkmdfCoInst.log
2015-07-10 23:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-06 22:24 - 2014-07-17 21:56 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 22:24 - 2014-07-17 21:56 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 18:15 - 2014-07-12 02:45 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-05 12:43 - 2015-02-16 00:08 - 00188928 ___SH C:\Users\Windows 7 User\Documents\Thumbs.db
2015-07-05 11:08 - 2014-07-12 22:47 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-04 23:47 - 2014-07-12 02:37 - 00328322 _____ C:\WINDOWS\PFRO.log
2015-07-04 23:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-04 23:26 - 2014-07-17 22:14 - 00000000 ____D C:\ProgramData\APN
2015-07-04 23:08 - 2015-06-07 15:24 - 00000000 ____D C:\Users\Windows 7 User\AppData\Local\Akamai
2015-07-04 23:03 - 2015-05-27 12:26 - 00000000 ____D C:\Users\Windows 7 User\Downloads\LOIC-1.0.8-binary
2015-07-04 22:39 - 2014-08-08 22:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-07-04 22:39 - 2014-07-12 02:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-04 17:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\addins
2015-07-04 17:02 - 2015-01-25 13:05 - 00000000 ____D C:\Users\Windows 7 User\AppData\Roaming\Spotify
2015-07-04 03:30 - 2015-06-07 18:57 - 00000000 ____D C:\Users\Windows 7 User\AppData\Local\Plex Media Server
2015-07-03 16:59 - 2015-01-25 13:07 - 00000000 ____D C:\Users\Windows 7 User\AppData\Local\Spotify
2015-06-28 14:24 - 2014-08-31 13:50 - 00000000 ____D C:\Users\Windows 7 User\AppData\Roaming\Audacity
2015-06-28 13:05 - 2014-12-28 18:44 - 00000000 __SHD C:\Users\Windows 7 User\AppData\Local\EmieBrowserModeList
2015-06-28 13:05 - 2014-07-22 12:17 - 00000000 __SHD C:\Users\Windows 7 User\AppData\Local\EmieUserList
2015-06-28 13:05 - 2014-07-22 12:17 - 00000000 __SHD C:\Users\Windows 7 User\AppData\Local\EmieSiteList
2015-06-28 10:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-27 14:22 - 2014-08-30 19:22 - 00000210 _____ C:\Users\Windows 7 User\AppData\Roaming\WB.CFG
2015-06-14 19:20 - 2013-11-30 17:33 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-14 17:26 - 2014-08-09 13:42 - 00000000 ____D C:\Users\Windows 7 User\AppData\Roaming\vlc
2015-06-14 17:20 - 2015-05-10 00:56 - 00000000 ____D C:\Users\Windows 7 User\AppData\Local\Windows Live
2015-06-14 16:15 - 2014-07-12 22:51 - 00000000 ____D C:\ProgramData\Origin
2015-06-14 01:14 - 2014-07-12 22:51 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-14 01:13 - 2014-07-31 11:03 - 00000000 ____D C:\Users\Windows 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-13 22:00 - 2013-08-22 15:44 - 05099856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 21:47 - 2014-11-02 13:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-13 21:47 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-13 21:47 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-13 21:46 - 2014-11-02 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-13 21:46 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-06-13 02:27 - 2014-07-14 17:09 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-13 02:27 - 2014-07-14 17:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-13 01:36 - 2015-05-24 11:14 - 00000000 ____D C:\Users\Windows 7 User\Documents\HTC
 
==================== Files in the root of some directories =======
 
2014-12-31 13:45 - 2014-12-31 13:45 - 0000132 _____ () C:\Users\Windows 7 User\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-30 19:22 - 2015-06-27 14:22 - 0000210 _____ () C:\Users\Windows 7 User\AppData\Roaming\WB.CFG
2014-12-06 21:22 - 2014-12-17 01:22 - 0000010 _____ () C:\Users\Windows 7 User\AppData\Local\DSI.DAT
2015-02-15 22:04 - 2015-02-15 22:04 - 0333312 _____ () C:\ProgramData\cryptoDrvUpdate.exe
2014-08-08 22:44 - 2014-08-08 22:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\ProgramData\cryptoDrvUpdate.exe
C:\Users\Windows 7 User\appnimi-pdf-unlocker.dat
 
 
Some files in TEMP:
====================
C:\Users\Windows 7 User\AppData\Local\Temp\067eUcbc6p.exe
C:\Users\Windows 7 User\AppData\Local\Temp\5C1hgBFCMD.exe
C:\Users\Windows 7 User\AppData\Local\Temp\6QTu5pN9kX.exe
C:\Users\Windows 7 User\AppData\Local\Temp\98gzdQAGEO.exe
C:\Users\Windows 7 User\AppData\Local\Temp\bu4pv8xr.dll
C:\Users\Windows 7 User\AppData\Local\Temp\ChangeIcon.exe
C:\Users\Windows 7 User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Windows 7 User\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\Windows 7 User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzayjd9.dll
C:\Users\Windows 7 User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Windows 7 User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Windows 7 User\AppData\Local\Temp\EADB603.exe
C:\Users\Windows 7 User\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\Windows 7 User\AppData\Local\Temp\HssInstaller64.exe
C:\Users\Windows 7 User\AppData\Local\Temp\install_flashplayer14x32_chra_dy_aaa_aih.exe
C:\Users\Windows 7 User\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll
C:\Users\Windows 7 User\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.2-24-g07d4558-b3116jnks.dll
C:\Users\Windows 7 User\AppData\Local\Temp\jansi-32-git-Spigot-1649.dll
C:\Users\Windows 7 User\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll
C:\Users\Windows 7 User\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.2-24-g07d4558-b3116jnks.dll
C:\Users\Windows 7 User\AppData\Local\Temp\jansi-64-git-Spigot-1649.dll
C:\Users\Windows 7 User\AppData\Local\Temp\jline_git-Bukkit-1_8_1-R4-7-g22f18a2-b1423jnks.dll
C:\Users\Windows 7 User\AppData\Local\Temp\jsonparser.dll
C:\Users\Windows 7 User\AppData\Local\Temp\lI5UcdYyJc.exe
C:\Users\Windows 7 User\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Windows 7 User\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Windows 7 User\AppData\Local\Temp\optprosetup.exe
C:\Users\Windows 7 User\AppData\Local\Temp\ose00000.exe
C:\Users\Windows 7 User\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Windows 7 User\AppData\Local\Temp\Quarantine.exe
C:\Users\Windows 7 User\AppData\Local\Temp\R3aXBaaPFl.exe
C:\Users\Windows 7 User\AppData\Local\Temp\raptrpatch.exe
C:\Users\Windows 7 User\AppData\Local\Temp\raptr_stub.exe
C:\Users\Windows 7 User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Windows 7 User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Windows 7 User\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Windows 7 User\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Windows 7 User\AppData\Local\Temp\sfareca00002.dll
C:\Users\Windows 7 User\AppData\Local\Temp\sfextra.dll
C:\Users\Windows 7 User\AppData\Local\Temp\sonarinst.exe
C:\Users\Windows 7 User\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Windows 7 User\AppData\Local\Temp\sqlite3.dll
C:\Users\Windows 7 User\AppData\Local\Temp\sqlite3.exe
C:\Users\Windows 7 User\AppData\Local\Temp\Uninstall.exe
C:\Users\Windows 7 User\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Windows 7 User\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Windows 7 User\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-11 00:08
 
==================== End of log ============================

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 13 July 2015 - 03:21 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules, which you should have read at the time of registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 04 August 2015 - 02:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



