
I suspect I have malware/infection [strange things happening] what can I do?


  • This topic is locked
11 replies to this topic

#1 Felty

  • Members
  • 6 posts

Posted 22 July 2015 - 01:30 AM

Well last month I posted on another forum about a similar issue, and an expert helped me, looked at my logs, gave me the instructions to clean my system. They said that I had malware and my system was now clean.

 

Despite that, I've still been having problems with my laptop and I strongly suspect a subtle infection or malware. These are a few of the things that have happened lately...

 

  • Randomly hearing windows 'error', 'exclamation', 'ding' and 'windows critical stop' sound effects with no windows popping up.

  • When I have been connecting to the internet (prior to being disconnected), the yellow warning icon strangely shows up and lingers for about 10-20 seconds before disappearing.

Note: This actually happened before I got my system clean last month, then after the cleanup, it stopped for a while. But lately, it's been happening once again.

  • Yesterday, right out of the blue, a window popped up saying 'you have chosen to open starter_avp.exe' which it said was a binary file located in the Kaspersky lab folder. I did not request to open this.

  • A few days ago Google asked me to enter a captcha to continue using search, as they had supposedly detected 'unusual traffic from my computer network'. But I only used search about 5-6 times in a period of 10 minutes so this didn't make sense.

  • Unable to successfully perform a system restore. I have actually had this problem for ages, and the cleanup last month didn't resolve it either.

 

Some of these issues may be nothing at all, but they're making me paranoid and I just have a strong feeling that whatever I had before is either back, or it's something else entirely. I am always safe online, so I don't know how this could've happened. I have Kaspersky and Malwarebytes (paid versions) if this helps.

 

Help really appreciated, thanks

 

 




 


#2 oneof4

  • Malware Response Team
  • 3,779 posts

Posted 23 July 2015 - 02:17 PM

Hello Felty, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic. You will then be advised when we respond to your topic, which facilitates the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

 

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#3 Felty

  • Topic Starter

  • Members
  • 6 posts

Posted 24 July 2015 - 02:56 PM

Hi, thanks very much for the response and for your assistance. I've done as directed, and below I will include the frst and addition log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Steven (administrator) on Steven on 24-07-2015 20:03:58
Running from C:\Users\Steven.Steven\Downloads
Loaded Profiles: Steven (Available Profiles: Steven)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\Run: [Spotify Web Helper] => C:\Users\Steven.Steven\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-09] (Spotify Ltd)
HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\Run: [Amazon Music] => C:\Users\Steven.Steven\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\Run: [Spotify] => C:\Users\Steven.Steven\AppData\Roaming\Spotify\Spotify.exe [7504952 2015-07-09] (Spotify Ltd)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-04-02] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-04-02] (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-1173336206-2999024541-334857791-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1173336206-2999024541-334857791-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1173336206-2999024541-334857791-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-02] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-04-02] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-02] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-02] (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-02] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-04-02] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-02] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-02] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{66A998D1-E176-48C4-9C97-27E0C9663E2F}: [DhcpNameServer] 40.21.1.201 40.21.1.202
Tcpip\..\Interfaces\{A606A4FD-FD2F-4A6A-8C96-B83A11EFB3FF}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Steven.Steven\AppData\Roaming\Mozilla\Firefox\Profiles\3huiz7ca.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-1173336206-2999024541-334857791-1002: @nsroblox.roblox.com/launcher -> C:\Users\Steven.Steven\AppData\Local\Roblox\Versions\version-0d46087630eb46cd\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1173336206-2999024541-334857791-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\Steven.Steven\AppData\Local\Roblox\Versions\version-0d46087630eb46cd\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Extension: WOT - C:\Users\Steven.Steven\AppData\Roaming\Mozilla\Firefox\Profiles\3huiz7ca.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-10]
FF Extension: Disconnect - C:\Users\Steven.Steven\AppData\Roaming\Mozilla\Firefox\Profiles\3huiz7ca.default\Extensions\2.0@disconnect.me.xpi [2014-03-23]
FF Extension: TinEye Reverse Image Search - C:\Users\Steven.Steven\AppData\Roaming\Mozilla\Firefox\Profiles\3huiz7ca.default\Extensions\tineye@ideeinc.com.xpi [2015-04-15]
FF Extension: NoScript - C:\Users\Steven.Steven\AppData\Roaming\Mozilla\Firefox\Profiles\3huiz7ca.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-12]
FF Extension: Adblock Plus - C:\Users\Steven.Steven\AppData\Roaming\Mozilla\Firefox\Profiles\3huiz7ca.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]
FF Extension: BetterPrivacy - C:\Users\Steven.Steven\AppData\Roaming\Mozilla\Firefox\Profiles\3huiz7ca.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-03-22]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-22]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-03-22]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-03-22]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-03-22]

Chrome:
=======
CHR Profile: C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-23]
CHR Extension: (Google Drive) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-23]
CHR Extension: (Google Search) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-23]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-23]
CHR Extension: (Safe Money) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-23]
CHR Extension: (Content Blocker) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-23]
CHR Extension: (Virtual Keyboard) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-23]
CHR Extension: (Google Wallet) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-23]
CHR Extension: (Gmail) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-23]
CHR Extension: (Anti-Banner) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-23]
CHR Profile: C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-02-07]
CHR Extension: (Google Sheets) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Gmail) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
CHR Extension: (Anti-Banner) - C:\Users\Steven.Steven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-02-07]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-06] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [591360 2014-08-27] (C-MEDIA)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627264 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-06-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 20:03 - 2015-07-24 20:04 - 00025707 _____ C:\Users\Steven.Steven\Downloads\FRST.txt
2015-07-24 20:03 - 2015-07-24 20:04 - 00000000 ____D C:\FRST
2015-07-24 20:02 - 2015-07-24 20:02 - 02135552 _____ (Farbar) C:\Users\Steven.Steven\Downloads\FRST64.exe
2015-07-24 18:53 - 2015-07-24 19:05 - 00000179 _____ C:\Users\Steven.Steven\Documents\artwork ideas 1.txt
2015-07-24 18:40 - 2015-07-24 18:40 - 00000143 _____ C:\Users\Steven.Steven\Documents\artwork ideas 2.txt
2015-07-24 16:46 - 2015-07-24 16:46 - 00000460 _____ C:\Users\Steven.Steven\Documents\artwork ideas 3.txt
2015-07-24 15:04 - 2015-07-24 15:04 - 00000155 _____ C:\Users\Steven.Steven\Documents\artwork ideas 4.txt
2015-07-24 06:29 - 2015-07-24 06:29 - 00000243 _____ C:\Users\Steven.Steven\Documents\fish tank.txt
2015-07-23 18:46 - 2015-07-23 19:01 - 00002394 _____ C:\Users\Steven.Steven\Documents\new wishlist.txt
2015-07-23 16:16 - 2015-07-23 16:16 - 00000204 _____ C:\Users\Steven.Steven\Documents\dicey.txt
2015-07-23 15:14 - 2015-07-23 15:14 - 00000511 _____ C:\Users\Steven.Steven\Documents\amazon.txt
2015-07-22 15:04 - 2015-07-22 15:23 - 00000413 _____ C:\Users\Steven.Steven\Documents\good dinosaur.txt
2015-07-22 08:34 - 2015-07-22 10:07 - 00001155 _____ C:\Users\Steven.Steven\Documents\to do list.txt
2015-07-22 08:15 - 2015-07-22 12:33 - 00001904 _____ C:\Users\Steven.Steven\Documents\cool.txt
2015-07-22 07:29 - 2015-07-22 07:29 - 00001845 _____ C:\Users\Steven.Steven\Documents\new logs.txt
2015-07-21 15:15 - 2015-07-24 18:51 - 00001898 _____ C:\Users\Steven.Steven\Documents\steam achievments.txt
2015-07-21 14:38 - 2015-07-22 21:38 - 00000072 _____ C:\Users\Steven.Steven\Desktop\todo.txt
2015-07-21 12:28 - 2015-07-21 15:35 - 00001334 _____ C:\Users\Steven.Steven\Documents\amazon new stuff.txt
2015-07-21 07:18 - 2015-07-14 15:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 07:18 - 2015-07-14 15:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 07:18 - 2015-07-14 15:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 07:18 - 2015-07-14 15:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 22:13 - 2015-07-20 22:23 - 00001029 _____ C:\Users\Steven.Steven\Documents\trailers.txt
2015-07-20 21:59 - 2015-07-20 21:59 - 00000757 _____ C:\Users\Steven.Steven\Documents\written reviews.txt
2015-07-20 20:19 - 2015-07-20 20:21 - 00000998 _____ C:\Users\Steven.Steven\Documents\safe copy2.txt
2015-07-20 16:17 - 2015-07-20 16:17 - 00000796 _____ C:\Users\Steven.Steven\Documents\fan art.txt
2015-07-20 12:27 - 2015-07-20 12:27 - 00000151 _____ C:\Users\Steven.Steven\Documents\1222132.txt
2015-07-20 09:59 - 2015-07-20 10:49 - 00004514 _____ C:\Users\Steven.Steven\Documents\bands to check out.txt
2015-07-18 18:47 - 2015-07-18 18:48 - 00000934 _____ C:\Users\Steven.Steven\Documents\complaint.txt
2015-07-17 07:26 - 2015-06-29 23:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-17 07:26 - 2015-06-29 16:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-17 07:26 - 2015-06-29 16:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-17 07:26 - 2015-06-29 16:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-17 07:26 - 2015-06-29 16:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-17 07:26 - 2015-06-29 16:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-17 07:26 - 2015-06-27 00:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-17 07:26 - 2015-06-27 00:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-17 07:26 - 2015-05-12 14:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-17 07:26 - 2015-05-11 17:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-17 07:26 - 2015-05-07 18:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-17 07:26 - 2015-05-07 18:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-17 07:26 - 2015-05-07 17:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-17 07:26 - 2015-05-07 17:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-17 07:26 - 2015-05-07 16:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-17 07:26 - 2015-05-07 16:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-17 07:26 - 2015-05-03 16:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 07:26 - 2015-05-03 16:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-17 07:26 - 2015-05-03 15:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 07:26 - 2015-05-03 15:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-17 07:26 - 2015-05-03 15:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-17 07:26 - 2015-05-03 15:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-17 07:26 - 2015-05-03 01:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-17 07:26 - 2015-05-02 00:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-17 07:26 - 2015-04-30 00:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-17 07:26 - 2015-04-28 14:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-17 07:26 - 2015-04-28 14:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-17 07:26 - 2015-04-25 03:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-17 07:26 - 2015-04-23 16:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-17 07:26 - 2015-04-23 16:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-17 07:26 - 2014-11-04 20:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-17 07:26 - 2014-11-04 20:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-17 07:26 - 2014-11-04 07:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-17 07:26 - 2014-11-04 07:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-17 07:26 - 2014-11-04 07:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-17 07:26 - 2014-11-04 07:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-17 05:44 - 2015-07-17 05:44 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\09CF5BC5.sys
2015-07-16 18:29 - 2015-07-16 18:30 - 1786872968 _____ C:\Users\Steven.Steven\Documents\vid0690.avi
2015-07-16 18:29 - 2015-07-16 18:29 - 315785008 _____ C:\Users\Steven.Steven\Documents\vid0689.avi
2015-07-16 18:28 - 2015-07-16 18:28 - 724802736 _____ C:\Users\Steven.Steven\Documents\vid0688.avi
2015-07-16 18:27 - 2015-07-16 18:28 - 2163599984 _____ C:\Users\Steven.Steven\Documents\vid0687.avi
2015-07-16 18:24 - 2015-07-16 18:26 - 4036597664 _____ C:\Users\Steven.Steven\Documents\vid0686.avi
2015-07-16 18:19 - 2015-07-16 18:20 - 1812035576 _____ C:\Users\Steven.Steven\Documents\vid0685.avi
2015-07-16 17:44 - 2015-07-17 05:56 - 00003502 _____ C:\Users\Steven.Steven\Documents\letter to send.txt
2015-07-16 14:32 - 2015-07-16 14:32 - 882665072 _____ C:\Users\Steven.Steven\Documents\vid0684.avi
2015-07-16 13:37 - 2015-07-16 17:33 - 00003207 _____ C:\Users\Steven.Steven\Documents\edits.txt
2015-07-16 13:19 - 2015-07-16 13:31 - 00000668 _____ C:\Users\Steven.Steven\Documents\rocking out.txt
2015-07-16 10:08 - 2015-07-16 10:09 - 2544014752 _____ C:\Users\Steven.Steven\Documents\vid0683.avi
2015-07-15 16:44 - 2015-07-15 16:47 - 1833714728 _____ C:\Users\Steven.Steven\Documents\vid0682.avi
2015-07-15 16:40 - 2015-07-15 16:41 - 2608719200 _____ C:\Users\Steven.Steven\Documents\vid0681.avi
2015-07-15 16:30 - 2015-07-15 16:30 - 240411048 _____ C:\Users\Steven.Steven\Documents\vid0680.avi
2015-07-15 16:29 - 2015-07-15 16:29 - 717909848 _____ C:\Users\Steven.Steven\Documents\vid0679.avi
2015-07-15 15:45 - 2015-07-15 15:47 - 00001225 _____ C:\Users\Steven.Steven\Documents\the robotss.txt
2015-07-15 06:54 - 2015-07-15 06:54 - 498740016 _____ C:\Users\Steven.Steven\Documents\vid0678.avi
2015-07-15 06:36 - 2015-07-15 06:37 - 3588318912 _____ C:\Users\Steven.Steven\Documents\vid0677.avi
2015-07-15 06:30 - 2015-07-15 06:32 - 2723338960 _____ C:\Users\Steven.Steven\Documents\vid0676.avi
2015-07-15 06:29 - 2015-07-15 06:30 - 1072859088 _____ C:\Users\Steven.Steven\Documents\vid0675.avi
2015-07-15 06:26 - 2015-07-15 06:26 - 1460427864 _____ C:\Users\Steven.Steven\Documents\vid0674.avi
2015-07-15 04:11 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 04:11 - 2015-06-28 06:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 04:11 - 2015-06-28 06:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 04:11 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 04:11 - 2015-06-27 17:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 04:11 - 2015-06-27 04:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 04:11 - 2015-06-27 04:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 04:11 - 2015-06-27 04:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 04:11 - 2015-06-27 03:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 04:11 - 2015-06-27 03:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 04:11 - 2015-06-27 03:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 04:11 - 2015-06-27 02:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 04:11 - 2015-06-27 02:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 04:11 - 2015-06-25 03:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 04:11 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 04:11 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 04:11 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 04:11 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 04:11 - 2015-06-15 21:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 04:11 - 2015-06-15 20:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 04:10 - 2015-07-09 20:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 04:10 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 04:10 - 2015-07-09 17:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 04:10 - 2015-07-09 16:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 04:10 - 2015-07-09 16:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 04:10 - 2015-07-09 16:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 04:10 - 2015-07-09 16:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 04:10 - 2015-07-09 16:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 04:10 - 2015-07-09 16:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 04:10 - 2015-07-09 16:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 04:10 - 2015-07-09 16:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 04:10 - 2015-07-09 16:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 04:10 - 2015-07-09 16:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 04:10 - 2015-07-01 23:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 04:10 - 2015-07-01 22:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 04:10 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 04:10 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 04:10 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 04:10 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 04:10 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 04:10 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 04:09 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 04:09 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 04:09 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 04:09 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 04:09 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 04:09 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 04:09 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 04:09 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 04:08 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 04:08 - 2015-06-16 06:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 04:08 - 2015-06-15 23:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 04:08 - 2015-06-15 23:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 04:08 - 2015-06-15 23:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 04:08 - 2015-06-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 04:08 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 04:08 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 04:08 - 2015-06-15 22:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 04:08 - 2015-06-15 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 04:08 - 2015-06-15 22:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 04:08 - 2015-06-15 22:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 04:08 - 2015-06-15 22:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 04:08 - 2015-06-15 22:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 04:08 - 2015-06-15 22:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 04:08 - 2015-06-15 22:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 04:08 - 2015-06-15 22:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 04:08 - 2015-06-15 22:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 04:08 - 2015-06-15 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 04:08 - 2015-06-15 22:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 04:08 - 2015-06-15 22:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 04:08 - 2015-06-15 21:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 04:08 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 04:08 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 04:08 - 2015-06-15 21:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 04:08 - 2015-06-15 21:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 04:08 - 2015-06-15 21:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 04:08 - 2015-06-15 21:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 04:08 - 2015-06-15 21:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 04:08 - 2015-06-15 21:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 04:08 - 2015-06-15 21:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 04:08 - 2015-06-15 21:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 04:08 - 2015-06-15 21:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 04:08 - 2015-06-15 21:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 04:08 - 2015-06-15 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 04:08 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 04:08 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 04:08 - 2015-05-07 17:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-14 15:54 - 2015-07-14 15:54 - 226056752 _____ C:\Users\Steven.Steven\Documents\vid0673.avi
2015-07-14 15:52 - 2015-07-14 15:52 - 254770720 _____ C:\Users\Steven.Steven\Documents\vid0672.avi
2015-07-14 15:51 - 2015-07-14 15:51 - 638676064 _____ C:\Users\Steven.Steven\Documents\vid0671.avi
2015-07-14 15:49 - 2015-07-14 15:51 - 3193557056 _____ C:\Users\Steven.Steven\Documents\vid0670.avi
2015-07-14 15:47 - 2015-07-14 15:49 - 2615729552 _____ C:\Users\Steven.Steven\Documents\vid0669.avi
2015-07-14 15:45 - 2015-07-14 15:46 - 1115887032 _____ C:\Users\Steven.Steven\Documents\vid0668.avi
2015-07-14 15:44 - 2015-07-14 15:45 - 2884816768 _____ C:\Users\Steven.Steven\Documents\vid0667.avi
2015-07-14 15:43 - 2015-07-14 15:43 - 387528712 _____ C:\Users\Steven.Steven\Documents\vid0666.avi
2015-07-14 15:42 - 2015-07-14 15:43 - 2350224176 _____ C:\Users\Steven.Steven\Documents\vid0665.avi
2015-07-14 15:41 - 2015-07-14 15:42 - 1535709488 _____ C:\Users\Steven.Steven\Documents\vid0664.avi
2015-07-14 15:39 - 2015-07-14 15:40 - 2282022160 _____ C:\Users\Steven.Steven\Documents\vid0663.avi
2015-07-14 15:38 - 2015-07-14 15:39 - 1331486664 _____ C:\Users\Steven.Steven\Documents\vid0662.avi
2015-07-14 15:37 - 2015-07-14 15:37 - 1528623792 _____ C:\Users\Steven.Steven\Documents\vid0661.avi
2015-07-14 15:36 - 2015-07-14 15:36 - 832433984 _____ C:\Users\Steven.Steven\Documents\vid0660.avi
2015-07-14 15:34 - 2015-07-14 15:36 - 2558299984 _____ C:\Users\Steven.Steven\Documents\vid0659.avi
2015-07-14 15:33 - 2015-07-14 15:34 - 4029446528 _____ C:\Users\Steven.Steven\Documents\vid0658.avi
2015-07-14 15:32 - 2015-07-14 15:32 - 1844319744 _____ C:\Users\Steven.Steven\Documents\vid0657.avi
2015-07-14 15:31 - 2015-07-14 15:31 - 1288106328 _____ C:\Users\Steven.Steven\Documents\vid0656.avi
2015-07-14 15:26 - 2015-07-14 15:30 - 1219785608 _____ C:\Users\Steven.Steven\Documents\vid0655.avi
2015-07-14 15:21 - 2015-07-14 15:22 - 2834559808 _____ C:\Users\Steven.Steven\Documents\vid0654.avi
2015-07-14 15:19 - 2015-07-14 15:19 - 699686768 _____ C:\Users\Steven.Steven\Documents\vid0653.avi
2015-07-14 14:16 - 2015-07-14 14:50 - 00003465 _____ C:\Users\Steven.Steven\Documents\dream.txt
2015-07-14 13:46 - 2015-07-14 13:47 - 897024744 _____ C:\Users\Steven.Steven\Documents\vid0652.avi
2015-07-14 10:45 - 2015-07-14 10:45 - 340868720 _____ C:\Users\Steven.Steven\Documents\vid0651.avi
2015-07-14 10:32 - 2015-07-14 10:32 - 391114144 _____ C:\Users\Steven.Steven\Documents\vid0650.avi
2015-07-14 10:31 - 2015-07-14 10:32 - 1320412920 _____ C:\Users\Steven.Steven\Documents\vid0649.avi
2015-07-14 10:30 - 2015-07-14 10:31 - 1697137520 _____ C:\Users\Steven.Steven\Documents\vid0648.avi
2015-07-14 10:28 - 2015-07-14 10:28 - 566924272 _____ C:\Users\Steven.Steven\Documents\vid0647.avi
2015-07-14 10:09 - 2015-07-14 10:09 - 211717688 _____ C:\Users\Steven.Steven\Documents\vid0646.avi
2015-07-14 10:03 - 2015-07-14 10:03 - 559742656 _____ C:\Users\Steven.Steven\Documents\vid0645.avi
2015-07-14 10:00 - 2015-07-14 10:00 - 287064768 _____ C:\Users\Steven.Steven\Documents\vid0644.avi
2015-07-14 09:59 - 2015-07-14 09:59 - 376758952 _____ C:\Users\Steven.Steven\Documents\vid0643.avi
2015-07-14 09:41 - 2015-07-14 09:42 - 778606712 _____ C:\Users\Steven.Steven\Documents\vid0642.avi
2015-07-14 09:39 - 2015-07-14 09:39 - 771434952 _____ C:\Users\Steven.Steven\Documents\vid0641.avi
2015-07-14 09:36 - 2015-07-14 09:36 - 1377810392 _____ C:\Users\Steven.Steven\Documents\vid0640.avi
2015-07-14 09:31 - 2015-07-14 09:32 - 620734520 _____ C:\Users\Steven.Steven\Documents\vid0639.avi
2015-07-14 09:28 - 2015-07-14 09:28 - 473626712 _____ C:\Users\Steven.Steven\Documents\vid0638.avi
2015-07-14 09:21 - 2015-07-14 09:21 - 211709624 _____ C:\Users\Steven.Steven\Documents\vid0637.avi
2015-07-14 09:20 - 2015-07-14 09:20 - 18362336 _____ C:\Users\Steven.Steven\Documents\vid0636.avi
2015-07-14 09:19 - 2015-07-14 09:19 - 509509776 _____ C:\Users\Steven.Steven\Documents\vid0634.avi
2015-07-14 09:19 - 2015-07-14 09:19 - 219432832 _____ C:\Users\Steven.Steven\Documents\vid0635.avi
2015-07-14 09:15 - 2015-07-14 09:15 - 312169984 _____ C:\Users\Steven.Steven\Documents\vid0633.avi
2015-07-14 09:03 - 2015-07-14 09:03 - 527510480 _____ C:\Users\Steven.Steven\Documents\vid0632.avi
2015-07-14 08:59 - 2015-07-14 08:59 - 889879888 _____ C:\Users\Steven.Steven\Documents\vid0631.avi
2015-07-14 08:57 - 2015-07-14 08:57 - 509507088 _____ C:\Users\Steven.Steven\Documents\vid0630.avi
2015-07-14 06:10 - 2015-07-14 06:10 - 00001802 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-14 06:10 - 2015-07-14 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-14 06:09 - 2015-07-14 06:10 - 00000000 ____D C:\Program Files\iTunes
2015-07-14 06:09 - 2015-07-14 06:09 - 00000000 ____D C:\Program Files\iPod
2015-07-13 18:20 - 2015-07-13 18:20 - 351642960 _____ C:\Users\Steven.Steven\Documents\vid0629.avi
2015-07-13 18:19 - 2015-07-13 18:19 - 724797360 _____ C:\Users\Steven.Steven\Documents\vid0628.avi
2015-07-13 18:18 - 2015-07-13 18:19 - 749900808 _____ C:\Users\Steven.Steven\Documents\vid0627.avi
2015-07-13 18:18 - 2015-07-13 18:18 - 484410832 _____ C:\Users\Steven.Steven\Documents\vid0626.avi
2015-07-13 18:16 - 2015-07-13 18:16 - 229649352 _____ C:\Users\Steven.Steven\Documents\vid0625.avi
2015-07-13 18:14 - 2015-07-13 18:14 - 441341648 _____ C:\Users\Steven.Steven\Documents\vid0624.avi
2015-07-13 18:10 - 2015-07-13 18:11 - 1456740216 _____ C:\Users\Steven.Steven\Documents\vid0623.avi
2015-07-13 18:09 - 2015-07-13 18:09 - 556191296 _____ C:\Users\Steven.Steven\Documents\vid0622.avi
2015-07-13 18:08 - 2015-07-13 18:08 - 721215512 _____ C:\Users\Steven.Steven\Documents\vid0621.avi
2015-07-13 18:07 - 2015-07-13 18:07 - 897015784 _____ C:\Users\Steven.Steven\Documents\vid0619.avi
2015-07-13 18:07 - 2015-07-13 18:07 - 362447688 _____ C:\Users\Steven.Steven\Documents\vid0620.avi
2015-07-13 16:38 - 2015-07-13 16:49 - 00000410 _____ C:\Users\Steven.Steven\Documents\new blurb.txt
2015-07-13 10:29 - 2015-07-13 10:29 - 00000035 _____ C:\Users\Steven.Steven\Documents\2015 bands.txt
2015-07-12 17:38 - 2015-07-12 17:39 - 383931632 _____ C:\Users\Steven.Steven\Documents\vid0618.avi
2015-07-12 17:37 - 2015-07-12 17:38 - 1801298992 _____ C:\Users\Steven.Steven\Documents\vid0617.avi
2015-07-12 16:38 - 2015-07-12 16:38 - 1370630568 _____ C:\Users\Steven.Steven\Documents\vid0616.avi
2015-07-12 16:04 - 2015-07-12 16:05 - 2030823424 _____ C:\Users\Steven.Steven\Documents\vid0615.avi
2015-07-12 15:38 - 2015-07-12 15:38 - 279881336 _____ C:\Users\Steven.Steven\Documents\vid0614.avi
2015-07-12 15:37 - 2015-07-12 15:37 - 1259415680 _____ C:\Users\Steven.Steven\Documents\vid0613.avi
2015-07-12 15:36 - 2015-07-12 15:36 - 803749608 _____ C:\Users\Steven.Steven\Documents\vid0612.avi
2015-07-12 15:20 - 2015-07-15 11:40 - 00000092 _____ C:\Users\Steven.Steven\Desktop\To watch soon.txt
2015-07-12 14:48 - 2015-07-12 14:48 - 588490696 _____ C:\Users\Steven.Steven\Documents\vid0611.avi
2015-07-12 13:56 - 2015-07-12 13:56 - 437756216 _____ C:\Users\Steven.Steven\Documents\vid0610.avi
2015-07-12 13:55 - 2015-07-12 13:56 - 961631656 _____ C:\Users\Steven.Steven\Documents\vid0609.avi
2015-07-12 13:27 - 2015-07-12 13:28 - 950890592 _____ C:\Users\Steven.Steven\Documents\vid0608.avi
2015-07-12 13:09 - 2015-07-12 13:09 - 513098792 _____ C:\Users\Steven.Steven\Documents\vid0607.avi
2015-07-12 13:06 - 2015-07-12 13:07 - 886477360 _____ C:\Users\Steven.Steven\Documents\vid0606.avi
2015-07-12 11:06 - 2015-07-12 11:06 - 00000360 _____ C:\Users\Steven.Steven\Documents\new movies july.txt
2015-07-12 09:18 - 2015-07-12 09:18 - 574101432 _____ C:\Users\Steven.Steven\Documents\vid0605.avi
2015-07-12 09:11 - 2015-07-12 09:12 - 3821516928 _____ C:\Users\Steven.Steven\Documents\vid0604.avi
2015-07-12 09:06 - 2015-07-12 09:06 - 455694152 _____ C:\Users\Steven.Steven\Documents\vid0603.avi
2015-07-12 09:04 - 2015-07-12 09:05 - 821687544 _____ C:\Users\Steven.Steven\Documents\vid0602.avi
2015-07-12 09:02 - 2015-07-12 09:03 - 1026230480 _____ C:\Users\Steven.Steven\Documents\vid0601.avi
2015-07-12 09:01 - 2015-07-12 09:02 - 868344848 _____ C:\Users\Steven.Steven\Documents\vid0600.avi
2015-07-12 09:01 - 2015-07-12 09:01 - 1083662920 _____ C:\Users\Steven.Steven\Documents\vid0599.avi
2015-07-12 03:33 - 2015-07-12 03:33 - 00000094 _____ C:\Users\Steven.Steven\Documents\moree.txt
2015-07-11 16:44 - 2015-07-11 16:44 - 35912040 _____ C:\Users\Steven.Steven\Documents\vid0598.avi
2015-07-11 16:41 - 2015-07-11 16:43 - 233099256 _____ C:\Users\Steven.Steven\Documents\vid0597.avi
2015-07-11 16:39 - 2015-07-11 16:40 - 843194784 _____ C:\Users\Steven.Steven\Documents\vid0596.avi
2015-07-11 16:33 - 2015-07-11 16:33 - 531051984 _____ C:\Users\Steven.Steven\Documents\vid0595.avi
2015-07-11 16:29 - 2015-07-11 16:30 - 968808792 _____ C:\Users\Steven.Steven\Documents\vid0594.avi
2015-07-11 16:22 - 2015-07-11 16:22 - 362401072 _____ C:\Users\Steven.Steven\Documents\vid0593.avi
2015-07-11 16:21 - 2015-07-11 16:21 - 172242920 _____ C:\Users\Steven.Steven\Documents\vid0592.avi
2015-07-11 16:20 - 2015-07-11 16:21 - 782192144 _____ C:\Users\Steven.Steven\Documents\vid0591.avi
2015-07-11 16:18 - 2015-07-11 16:18 - 523899040 _____ C:\Users\Steven.Steven\Documents\vid0590.avi
2015-07-11 15:56 - 2015-07-11 15:57 - 222473088 _____ C:\Users\Steven.Steven\Documents\vid0589.avi
2015-07-11 15:55 - 2015-07-11 15:56 - 764273944 _____ C:\Users\Steven.Steven\Documents\vid0588.avi
2015-07-11 15:53 - 2015-07-11 15:53 - 1155423672 _____ C:\Users\Steven.Steven\Documents\vid0587.avi
2015-07-11 15:48 - 2015-07-11 15:48 - 111238488 _____ C:\Users\Steven.Steven\Documents\vid0586.avi
2015-07-11 15:44 - 2015-07-11 15:44 - 832445656 _____ C:\Users\Steven.Steven\Documents\vid0585.avi
2015-07-11 15:43 - 2015-07-11 15:44 - 843252176 _____ C:\Users\Steven.Steven\Documents\vid0584.avi
2015-07-11 15:40 - 2015-07-11 15:41 - 233246456 _____ C:\Users\Steven.Steven\Documents\vid0583.avi
2015-07-11 15:40 - 2015-07-11 15:40 - 89720496 _____ C:\Users\Steven.Steven\Documents\vid0581.avi
2015-07-11 15:40 - 2015-07-11 15:40 - 218958488 _____ C:\Users\Steven.Steven\Documents\vid0582.avi
2015-07-11 15:39 - 2015-07-11 15:39 - 480954496 _____ C:\Users\Steven.Steven\Documents\vid0580.avi
2015-07-11 13:17 - 2015-07-11 13:18 - 1033378944 _____ C:\Users\Steven.Steven\Documents\vid0579.avi
2015-07-11 12:55 - 2015-07-11 12:57 - 2501160016 _____ C:\Users\Steven.Steven\Documents\vid0578.avi
2015-07-11 12:55 - 2015-07-11 12:55 - 322934368 _____ C:\Users\Steven.Steven\Documents\vid0577.avi
2015-07-11 12:27 - 2015-07-11 12:28 - 1611400872 _____ C:\Users\Steven.Steven\Documents\vid0576.avi
2015-07-11 08:11 - 2015-07-11 08:15 - 2737609008 _____ C:\Users\Steven.Steven\Documents\vid0575.avi
2015-07-10 15:57 - 2015-07-10 15:58 - 1847885464 _____ C:\Users\Steven.Steven\Documents\vid0574.avi
2015-07-10 15:57 - 2015-07-10 15:57 - 348061112 _____ C:\Users\Steven.Steven\Documents\vid0573.avi
2015-07-10 14:48 - 2015-07-10 14:49 - 1442393088 _____ C:\Users\Steven.Steven\Documents\vid0572.avi
2015-07-10 14:46 - 2015-07-10 14:48 - 3433737584 _____ C:\Users\Steven.Steven\Documents\vid0571.avi
2015-07-10 14:37 - 2015-07-10 14:38 - 211735608 _____ C:\Users\Steven.Steven\Documents\vid0570.avi
2015-07-10 14:36 - 2015-07-10 14:37 - 2741805024 _____ C:\Users\Steven.Steven\Documents\vid0569.avi
2015-07-10 14:34 - 2015-07-10 14:35 - 1604108056 _____ C:\Users\Steven.Steven\Documents\vid0568.avi
2015-07-10 14:31 - 2015-07-10 14:33 - 4091303504 _____ C:\Users\Steven.Steven\Documents\vid0567.avi
2015-07-10 14:29 - 2015-07-10 14:31 - 2635883836 _____ C:\Users\Steven.Steven\Documents\vid0566.avi
2015-07-10 14:28 - 2015-07-10 14:29 - 2023714432 _____ C:\Users\Steven.Steven\Documents\vid0565.avi
2015-07-10 14:26 - 2015-07-10 14:28 - 2579905808 _____ C:\Users\Steven.Steven\Documents\vid0564.avi
2015-07-10 14:20 - 2015-07-10 14:21 - 3749773392 _____ C:\Users\Steven.Steven\Documents\vid0563.avi
2015-07-10 12:54 - 2015-07-10 12:54 - 814487088 _____ C:\Users\Steven.Steven\Documents\vid0562.avi
2015-07-10 12:54 - 2015-07-10 12:54 - 229669984 _____ C:\Users\Steven.Steven\Documents\vid0561.avi
2015-07-10 12:53 - 2015-07-10 12:54 - 857549976 _____ C:\Users\Steven.Steven\Documents\vid0560.avi
2015-07-10 12:29 - 2015-07-10 12:29 - 21538904 _____ C:\Users\Steven.Steven\Documents\vid0559.avi
2015-07-10 12:28 - 2015-07-10 12:28 - 1026269928 _____ C:\Users\Steven.Steven\Documents\vid0558.avi
2015-07-10 12:26 - 2015-07-10 12:27 - 1252347904 _____ C:\Users\Steven.Steven\Documents\vid0557.avi
2015-07-10 10:49 - 2015-07-10 10:50 - 1051396696 _____ C:\Users\Steven.Steven\Documents\vid0556.avi
2015-07-10 09:52 - 2015-07-10 09:52 - 39479552 _____ C:\Users\Steven.Steven\Documents\vid0555.avi
2015-07-10 02:31 - 2015-07-10 02:31 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1E0C2554.sys
2015-07-10 02:24 - 2015-07-10 02:24 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5DC32023.sys
2015-07-09 00:11 - 2015-07-09 00:11 - 00000512 _____ C:\Users\Steven.Steven\Documents\journal 2.txt
2015-07-08 17:42 - 2015-07-08 17:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\3A51426E.sys
2015-07-07 21:45 - 2015-07-07 21:45 - 00000289 _____ C:\Users\Steven.Steven\Documents\smb game.txt
2015-07-07 14:59 - 2015-07-07 15:22 - 00002128 _____ C:\Users\Steven.Steven\Documents\croc.txt
2015-07-07 14:48 - 2015-07-07 14:48 - 00000808 _____ C:\Users\Steven.Steven\Documents\drawingg.txt
2015-07-06 11:45 - 2015-07-06 11:45 - 00000222 _____ C:\Users\Steven.Steven\Documents\new drawings.txt
2015-07-06 04:44 - 2015-07-07 21:06 - 00002028 _____ C:\Users\Steven.Steven\Documents\true false questions.txt
2015-07-05 13:24 - 2015-07-05 13:24 - 00000296 _____ C:\Users\Steven.Steven\Documents\alltime.txt
2015-07-05 04:26 - 2015-07-05 04:26 - 00000930 _____ C:\Users\Steven.Steven\Documents\questions.txt
2015-07-04 08:08 - 2015-07-04 08:08 - 00000449 _____ C:\Users\Steven.Steven\Documents\bad raps.txt
2015-07-04 07:06 - 2015-07-04 07:09 - 232179496 _____ C:\Users\Steven.Steven\Documents\vid0554.avi
2015-07-04 07:04 - 2015-07-04 07:04 - 95596184 _____ C:\Users\Steven.Steven\Documents\vid0553.avi
2015-07-04 06:46 - 2015-07-04 06:51 - 1143410520 _____ C:\Users\Steven.Steven\Documents\vid0552.avi
2015-07-04 06:44 - 2015-07-04 06:46 - 172156728 _____ C:\Users\Steven.Steven\Documents\vid0551.avi
2015-07-04 06:27 - 2015-07-04 06:29 - 3221703248 _____ C:\Users\Steven.Steven\Documents\vid0550.avi
2015-07-04 06:27 - 2015-07-04 06:27 - 42820120 _____ C:\Users\Steven.Steven\Documents\vid0549.avi
2015-07-04 03:09 - 2015-07-04 03:09 - 00000633 _____ C:\Users\Steven.Steven\Documents\fnaf.txt
2015-07-03 13:40 - 2015-07-03 13:40 - 00000256 _____ C:\Users\Steven.Steven\Documents\other more.txt
2015-07-03 10:32 - 2015-07-05 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 23:53 - 2015-07-02 23:53 - 00000052 _____ C:\Users\Steven.Steven\Documents\colour combos.txt
2015-07-02 10:23 - 2015-07-02 10:23 - 00000552 _____ C:\Users\Steven.Steven\Documents\preacher.txt
2015-07-01 22:56 - 2015-07-01 22:56 - 00000496 _____ C:\Users\Steven.Steven\Documents\found footage.txt
2015-07-01 01:09 - 2015-07-01 01:36 - 00001470 _____ C:\Users\Steven.Steven\Documents\new sketch.txt
2015-07-01 00:26 - 2015-07-14 08:51 - 00000000 ____D C:\Users\Steven.Steven\AppData\Local\Adobe
2015-06-30 11:22 - 2015-06-30 11:37 - 00001225 _____ C:\Users\Steven.Steven\Documents\game333.txt
2015-06-30 11:03 - 2015-06-30 11:16 - 00000715 _____ C:\Users\Steven.Steven\Documents\game3333.txt
2015-06-29 14:01 - 2015-06-29 14:01 - 00000170 _____ C:\Users\Steven.Steven\Documents\goldfish.txt
2015-06-28 11:04 - 2015-06-28 11:13 - 00000517 _____ C:\Users\Steven.Steven\Documents\new books.txt
2015-06-28 10:00 - 2015-06-28 10:00 - 00000438 _____ C:\Users\Steven.Steven\Documents\conspiracy.txt
2015-06-28 03:51 - 2015-07-19 08:21 - 00002190 _____ C:\Users\Steven.Steven\Documents\happy bday.txt
2015-06-27 07:58 - 2015-06-27 07:58 - 00000830 _____ C:\Users\Steven.Steven\Documents\apple.txt
2015-06-27 07:15 - 2015-06-27 07:15 - 00000135 _____ C:\Users\Steven.Steven\Documents\apple bites.txt
2015-06-25 20:31 - 2015-06-25 20:32 - 00000558 _____ C:\Users\Steven.Steven\Documents\scampi.txt
2015-06-25 08:43 - 2015-06-25 08:43 - 00000000 ____D C:\Users\Steven.Steven\AppData\Roaming\AVG2015
2015-06-25 08:42 - 2015-06-25 08:49 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-25 08:41 - 2015-06-25 08:49 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-25 08:37 - 2015-06-25 08:49 - 00000000 ____D C:\Users\Steven.Steven\AppData\Local\Avg2015
2015-06-25 08:37 - 2015-06-25 08:37 - 04928968 _____ (AVG Technologies) C:\Users\Steven.Steven\Downloads\avg_free_stb_all_5961p1_177.exe
2015-06-25 07:30 - 2015-06-25 07:36 - 00001341 _____ C:\Users\Steven.Steven\Documents\as.txt
2015-06-25 05:07 - 2015-06-25 05:07 - 00000485 _____ C:\Users\Steven.Steven\Documents\new names for series.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 20:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-24 19:56 - 2014-03-22 10:33 - 01633635 _____ C:\Windows\WindowsUpdate.log
2015-07-24 19:52 - 2014-06-23 01:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-24 19:10 - 2014-03-23 03:14 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 18:46 - 2014-03-22 11:39 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0D544576-E30F-4CAD-9155-FAD70C6B56F8}
2015-07-24 18:36 - 2014-04-03 18:08 - 00000000 ____D C:\Users\Steven.Steven\AppData\Local\Paint.NET
2015-07-24 17:39 - 2014-03-22 16:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-24 17:17 - 2014-07-09 08:15 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-24 12:34 - 2014-03-22 11:45 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1173336206-2999024541-334857791-1002
2015-07-24 11:36 - 2014-04-03 16:41 - 00000000 ____D C:\Users\Steven.Steven\Documents\Roblox Projects
2015-07-24 11:35 - 2014-03-23 03:22 - 00000000 ____D C:\Users\Steven.Steven\AppData\Local\Last.fm
2015-07-24 08:26 - 2014-03-22 16:53 - 00000000 ____D C:\Users\Steven.Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-07-24 07:17 - 2014-03-22 17:00 - 00001416 _____ C:\Users\Steven.Steven\Desktop\ROBLOX Player.lnk
2015-07-24 06:11 - 2015-06-09 08:34 - 00037595 _____ C:\Users\Steven.Steven\Desktop\Dream Journal5.txt
2015-07-24 06:10 - 2014-03-23 03:14 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-24 06:08 - 2014-06-26 13:22 - 00000000 ____D C:\Users\Steven.Steven\AppData\Local\CrashDumps
2015-07-24 06:08 - 2014-03-22 11:41 - 00000000 ____D C:\Users\Steven.Steven\Documents\Youcam
2015-07-22 08:21 - 2014-03-24 18:12 - 00000000 ____D C:\Users\Steven.Steven\Documents\ACID Music Studio 10.0 Projects
2015-07-22 06:25 - 2014-09-14 17:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-22 06:05 - 2013-08-22 15:46 - 00039460 _____ C:\Windows\setupact.log
2015-07-22 06:05 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 06:05 - 2013-08-22 15:44 - 00569728 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 21:04 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-21 18:47 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-21 14:38 - 2014-10-15 02:32 - 00000000 ____D C:\Users\Steven.Steven\Desktop\Future Scripts for use
2015-07-21 08:41 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-19 09:10 - 2014-03-23 05:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-18 13:59 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-07-18 08:32 - 2015-04-03 10:13 - 00001012 _____ C:\Users\Steven.Steven\Desktop\Upcoming movies 2016.txt
2015-07-17 19:44 - 2014-03-22 11:38 - 00000000 ____D C:\Users\Steven.Steven
2015-07-17 17:17 - 2014-03-22 11:42 - 00000000 ___RD C:\Users\Steven.Steven\SkyDrive
2015-07-17 17:11 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 17:11 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2015-07-17 08:50 - 2014-12-10 09:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 08:50 - 2014-07-11 01:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-17 08:50 - 2014-03-24 19:13 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 07:39 - 2015-04-04 08:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 07:39 - 2015-04-04 08:22 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 06:05 - 2014-03-23 03:14 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 06:05 - 2014-03-23 03:14 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 17:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-07-15 04:21 - 2014-03-23 03:21 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-15 03:56 - 2015-02-03 23:08 - 00003826 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1416964690
2015-07-15 03:56 - 2014-11-26 02:18 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-15 03:56 - 2014-11-26 02:17 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-14 08:50 - 2014-06-23 01:33 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 06:10 - 2014-03-22 14:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-14 06:09 - 2014-03-22 14:57 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-13 22:10 - 2015-03-12 17:55 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 22:10 - 2015-03-12 17:55 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 04:14 - 2014-09-28 20:59 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-12 16:05 - 2015-05-25 08:41 - 00000533 _____ C:\Users\Steven.Steven\Desktop\chatu.txt
2015-07-11 11:06 - 2014-10-09 14:02 - 00000000 ____D C:\Users\Steven.Steven\Desktop\story scripts [copy]
2015-07-11 07:07 - 2014-03-24 09:37 - 00000000 ____D C:\Users\Steven.Steven\AppData\Local\Spotify
2015-07-11 07:07 - 2014-03-24 09:33 - 00000000 ____D C:\Users\Steven.Steven\AppData\Roaming\Spotify
2015-07-11 04:56 - 2014-08-10 01:52 - 00001216 _____ C:\Users\Steven.Steven\Desktop\Amazon Music.lnk
2015-07-07 08:19 - 2015-06-15 19:15 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-05 12:45 - 2014-03-22 13:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 12:45 - 2013-08-26 07:01 - 01178426 _____ C:\Windows\PFRO.log
2015-07-03 08:43 - 2014-03-24 19:13 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-28 21:28 - 2015-02-08 21:10 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForSteven.job
2015-06-25 08:49 - 2014-06-25 02:41 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-25 08:49 - 2014-06-25 02:38 - 00000000 ____D C:\ProgramData\MFAData
2015-06-25 08:42 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-25 08:09 - 2014-03-22 11:38 - 00000000 ____D C:\Users\Steven.Steven\AppData\Local\Packages
2015-06-24 19:35 - 2014-07-09 08:15 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-24 19:35 - 2014-07-09 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-24 19:35 - 2014-07-09 08:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2014-06-25 09:50 - 2014-06-25 09:50 - 0000017 _____ () C:\Users\Steven.Steven\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 06:00

==================== End of log ============================

 

And now here is the 'addition' log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Steven at 2015-07-24 20:07:00
Running from C:\Users\Steven.Steven\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1173336206-2999024541-334857791-500 - Administrator - Disabled)
Guest (S-1-5-21-1173336206-2999024541-334857791-501 - Limited - Disabled)
Steven (S-1-5-21-1173336206-2999024541-334857791-1002 - Administrator - Enabled) => C:\Users\Steven.Steven

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ACID Music Studio 10.0 (HKLM-x32\...\{A8016D8F-6838-11E3-8FB5-F04DA23A5C58}) (Version: 10.0.99 - Sony)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon Music (HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5BB304EB-8E5B-0F2D-66FA-6603D9BB3232}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{06A333EA-4E9D-4848-865F-FE5A1E12AB30}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bombing Bastards (HKLM-x32\...\Steam App 314220) (Version:  - Sanuk Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bus Driver (HKLM-x32\...\Steam App 302080) (Version:  - SCS Software)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Catlateral Damage (HKLM-x32\...\Steam App 329860) (Version:  - Chris Chung)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-GB (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF02-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
DVD Architect Studio 5.0 (HKLM-x32\...\{E3D1078F-9660-11E2-9E28-F04DA23A5C58}) (Version: 5.0.178 - Sony)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
Five Nights at Freddy's 2 (HKLM-x32\...\Steam App 332800) (Version:  - Scott Cawthon)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hive (HKLM-x32\...\Steam App 251210) (Version:  - Blueline Games)
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
I am Bread (HKLM-x32\...\Steam App 327890) (Version:  - Bossa Studios)
Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
iTunes (HKLM\...\{8A99C2B8-2B40-46B2-B900-621DC8E177CF}) (Version: 12.2.1.16 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
KRUNCH (HKLM-x32\...\Steam App 280500) (Version:  - LeGrudge & Rugged)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{6BE763B0-958D-11E2-A440-F04DA23A5C58}) (Version: 12.0.896 - Sony)
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NewBlue VideoFX for Sony Vegas MSPPS (HKLM\...\NewBlue VideoFX for Sony Vegas MSPPS) (Version: 2.0 - NewBlue)
Octodad: Dadliest Catch (HKLM-x32\...\Steam App 224480) (Version:  - Young Horses)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Q*bert: Rebooted (HKLM-x32\...\Steam App 285960) (Version:  - Sideline Amusements)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
ROBLOX Player for Steven (HKU\S-1-5-21-1133331206-2939024541-331153794-1042\...\{373D1718-8CC4-4527-8EE1-9023AD08A620}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Steven (HKU\S-1-5-21-1133331206-2939024541-331153794-1042\...\{2911D6F1-2265-4EHA-93A9-94GEAB3AFA64}) (Version:  - ROBLOX Corporation)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Sony Vocal Eraser (HKLM-x32\...\Sony Vocal Eraser_is1) (Version: 1.00 - iZotope, Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{75648F62-925B-11E2-B9EF-F04DA23A5C58}) (Version: 10.0.245 - Sony)
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis™)
Spotify (HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Toy Cars (HKLM-x32\...\Steam App 116100) (Version:  - Eclipse Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Impossible Game (HKLM-x32\...\Steam App 251630) (Version:  - Grip Games)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
Transformice (HKLM-x32\...\Steam App 335240) (Version:  - Atelier 801)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
TruePianos Amber Lite (ACID Music Studio) 1.5.0 (HKLM-x32\...\TruePianos Amber Lite (ACID Music Studio)_is1) (Version:  - 4Front Technologies)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1173336206-2999024541-334857791-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Steven.Steven\AppData\Local\Roblox\Versions\version-0d46087630eb46cd\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1173336206-2999024541-334857791-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steven.Steven\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-07-2015 04:43:34 Scheduled Checkpoint
10-07-2015 02:04:10 Windows Update
15-07-2015 04:22:59 Windows Update
21-07-2015 08:38:27 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {114F08D0-EF61-46B1-A781-A9FEA710246D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-07] (Hewlett-Packard)
Task: {18F602DD-34AC-42C7-835F-397E8AC0DEAF} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1173336206-2999024541-334857791-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {1994D2EB-47A7-48D0-A26E-4ADC7931BBF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-07] (Hewlett-Packard)
Task: {1A3FB5BE-D530-4CC4-81EA-8603EB466D16} - System32\Tasks\Opera scheduled Autoupdate 1416964690 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {2B0B5196-C453-46E2-81E9-07C8F298571D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {45A47BB4-BBFA-4644-B7C8-5A6729918401} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {5DDA3272-B7FD-436C-98A5-31C71C6B63CC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {663B8EEC-E685-47F1-80F7-6695D0814186} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {6A08E8E8-36D0-4CE5-9C5F-011EADA99884} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {783C28D0-233E-4AAF-BAF0-C2D6B45923BF} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {87FBEE57-05C9-4B38-8B15-599E1BA1E8F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {8ABCFE9D-A02D-4D87-BBFF-A5BEFFE7408A} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {A5046325-8341-4A4B-B6DE-C9D5B2E02F15} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AD704675-2720-426E-8A15-B7FF30C746E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {D5FCFF90-829F-4E14-BE9A-406B9C552638} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {DEFD5BFF-AD5F-4AA5-85DD-53611ABD6E10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DFB123AF-8461-459B-89E8-E3899E941F30} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {F5B71134-BC17-4FE5-9F7A-23A580977A45} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {FCE875DA-C9F4-41A4-8D2B-954C7AD07CBB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSteven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-26 11:28 - 2013-09-26 11:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 11:25 - 2013-09-26 11:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 11:25 - 2013-09-26 11:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 11:25 - 2013-09-26 11:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 11:39 - 2013-09-26 11:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 11:39 - 2013-09-26 11:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 07:48 - 2013-09-25 07:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-23 04:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-16 18:10 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-26 11:34 - 2013-09-26 11:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-09-25 07:48 - 2013-09-25 07:48 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 19:19 - 2012-12-20 19:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 19:19 - 2012-12-20 19:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-11-27 20:59 - 2013-02-01 12:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2013-11-27 20:59 - 2013-02-01 12:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2013-11-27 20:59 - 2013-02-01 12:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2013-11-27 20:59 - 2013-02-01 12:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2013-11-27 20:59 - 2013-02-01 12:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2013-11-27 20:59 - 2013-02-01 12:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2013-11-27 20:59 - 2013-02-01 12:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2013-11-27 20:53 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-23 03:22 - 2015-04-20 02:00 - 00738784 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2014-03-23 03:22 - 2015-04-20 02:00 - 00128992 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2014-03-23 03:22 - 2015-04-20 02:00 - 00034784 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2014-03-23 03:22 - 2015-04-20 02:00 - 00353248 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2014-03-23 03:22 - 2015-04-20 01:59 - 00304608 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2015-04-23 21:56 - 2015-04-20 02:00 - 00184800 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2014-03-23 03:22 - 2015-04-20 01:59 - 00113120 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2014-03-23 03:22 - 2015-04-20 01:59 - 02288608 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2015-04-23 21:56 - 2015-04-20 02:00 - 00051680 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Steven\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Steven.Steven\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1173336206-2999024541-334857791-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Steven.Steven\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1173336206-2999024541-334857791-1002\...\StartupApproved\Run: => "Amazon Music"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2786685C-F1E3-4171-98B7-B8BF30E17FB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4C288755-76FE-4DBC-AD8C-07D104DC428A}] => (Allow) LPort=2869
FirewallRules: [{ED49264E-7943-4CA5-A39F-0B3E760A3B53}] => (Allow) LPort=1900
FirewallRules: [{FF9639B3-C981-46E8-BBEA-C45367A8AE5F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{CC31FEEA-D33A-4894-AD1F-DB20EBF599EB}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{EA2FE627-C9EE-4977-BF4E-EDD6B4EEFFB6}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{7D7A3D59-BDC6-4B75-A5D8-598931A23BDA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{6F677648-DB26-4546-B490-D4CE4F55A6A3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{966C2ACC-813B-45AF-9933-55FF4149F359}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2487C062-9720-4950-BBE9-DBA8E8335827}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D181197B-1B68-4479-B1C4-1F6094E28FEE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEFCC60F-9F83-4167-BAFE-2B27C969B3E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CC4FC243-A550-4B8B-AC2E-5D723C369392}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{41B9D7B4-D9C5-458C-A5B3-408AE031E36D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{27579E9C-83B5-45BD-9553-0266ADA6DB4B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CF9E74F7-1AC7-49F8-BCD9-3E0F5DB76A94}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6BED619E-EB00-47A5-BA19-8020CA49D1CE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{2E0CE17F-015A-4925-BB68-64EE4CF52BEB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{30214629-2F96-43C8-B681-6AC10076FEAC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{39AF2B65-385A-45D4-9939-205C3364CA32}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2B6CF5C7-4D44-48A6-808F-BBDDBA54E0AB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{41B9D7AD-2A42-4525-B6F1-45D452F73A7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{74664F50-D55F-4530-97B3-26BABB6E7BE9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8B7CE05F-0AD3-4235-99B4-7BA9EB244B18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{59AFEFEA-3D82-4D9A-9D1F-5F8B50233671}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{3B4714E5-1463-446E-BD92-2173B6A08215}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3432C897-ABAD-46D6-B592-1BD9E1157361}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{937D41D3-B27E-4F77-A95A-12E7BEE3D0A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\KRUNCH\KRUNCH.exe
FirewallRules: [{3C8AAF9C-8D75-44E6-89D3-3F22976C31FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\KRUNCH\KRUNCH.exe
FirewallRules: [{1A9CAD80-368F-44F7-B106-130DBF27C986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hive\Hive.exe
FirewallRules: [{A342E8D1-7910-4BD6-8E3D-87E2550798C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hive\Hive.exe
FirewallRules: [{1E054D7B-B21A-4A84-B15C-8B492B272E32}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{D1C036B4-A03B-4788-92D8-B732B420810B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{1BBAF917-0950-4A6E-ACCA-2D9DE0A48FD7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{BFCC4155-3ADF-47BD-B4F3-3555F69B56C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{3F735474-8D9D-4188-82A3-2010815240E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheImpossibleGame\ImpossibleGame.exe
FirewallRules: [{12CA5526-FC17-4A4B-A4BA-0E0D9AF25DF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheImpossibleGame\ImpossibleGame.exe
FirewallRules: [{44F6A174-7EDB-4166-83DD-49A0AD18F26A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bus Driver\bin\win_x86\busdriver.exe
FirewallRules: [{7712BD95-AFED-4FB0-9D57-936E137E8B47}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bus Driver\bin\win_x86\busdriver.exe
FirewallRules: [{62D2DA64-E442-4028-A44B-C861A0C52BCB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bus Driver\bin\win_x86\launcher.exe
FirewallRules: [{66A8C537-5A61-456A-B105-850332D4B7AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bus Driver\bin\win_x86\launcher.exe
FirewallRules: [{BBDAEB38-A8D1-4571-AE9D-E4563698A3EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Toy Cars\SuperToyCars.exe
FirewallRules: [{1567E8F0-35A7-4207-A430-CA8FAEF3D38D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Toy Cars\SuperToyCars.exe
FirewallRules: [{93B486BF-108F-439E-ACB3-A5514E7529D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1881AC8F-9D7A-462C-8B64-B8DB84B9334E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BB588B96-A8CF-4B43-9188-358C459F28F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{DC5CA4EF-F800-4D99-BC16-C0FC56780094}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{FC7CE21D-D562-4E4C-B6FD-7C6990A73B12}] => (Allow) C:\Users\Steven.Steven\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3092F087-D345-4C49-99C0-F9A3A272F83E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{8791AB3A-7DC8-4D4F-AC05-3A8920F3F1AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\QBert\QBert.exe
FirewallRules: [{34C1A377-9513-49E2-9C36-4D8AA7C491F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\QBert\QBert.exe
FirewallRules: [{9AEFD412-3F3E-487F-9F91-D623BF96EAB9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CatlateralDamage\CatlateralDamage.exe
FirewallRules: [{7F3E5A8B-3101-45C5-A76D-D13D63FB3631}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CatlateralDamage\CatlateralDamage.exe
FirewallRules: [{F63F174B-7113-4F84-B51D-0CE7C5FB7480}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{7816506F-ACD5-4318-A6CE-A708A78100E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{9CA05383-BAB4-4F6F-8F5C-95AB3FBC9975}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{0D75A253-D2F2-46ED-BD3E-C9BBAEFEC34E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{387189B3-AF01-4A37-82E9-BEECE87D429F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{179BB786-952A-4334-BFB6-5E7B615D57BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{A6FEC814-BC18-4A80-805A-045A5ABF9330}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bombing Bastards\BombingBastards.exe
FirewallRules: [{1FE0B148-0C70-437A-9A63-E4C7EB8E663F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bombing Bastards\BombingBastards.exe
FirewallRules: [{E64C486B-3DAD-4991-8980-CF41A9D610FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iambread\IamBread.exe
FirewallRules: [{93538DF4-49C6-4FDB-9A37-5ED3E16CC903}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iambread\IamBread.exe
FirewallRules: [{9A5237BA-CDF9-47B0-903A-6E7C77F4CAF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9514C3B9-BF72-4C7B-8AA3-273D83041902}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EDD3DA2-C5C1-4D5F-8410-03E85B981463}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{241451FF-844C-43E0-88E4-71C5ABA65A51}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A9F093C6-5CAD-4324-9026-2E85E681FEC8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Transformice\Transformice.exe
FirewallRules: [{7E70CE9A-CEBE-4499-BFEF-2DFCFF44C567}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Transformice\Transformice.exe
FirewallRules: [{E3602A17-6EF6-419D-9E77-AD656B2C2B5C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E70783EC-9B0C-4859-8D3F-5F9C080C0529}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{08727D2A-D1E4-46CB-BEF2-ED5715218F16}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{24231D1D-92A0-40AB-9DAC-5ACA5AAB005A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D6A52955-B9A9-4C4F-B9FA-081F6B6964B9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2015 06:33:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/24/2015 06:07:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WerFault.exe, version: 6.3.9600.17415, time stamp: 0x54503815
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000142
Fault offset: 0x0009d4f2
Faulting process ID: 0x130c
Faulting application start time: 0xWerFault.exe0
Faulting application path: WerFault.exe1
Faulting module path: WerFault.exe2
Report ID: WerFault.exe3
Faulting package full name: WerFault.exe4
Faulting package-relative application ID: WerFault.exe5

Error: (07/24/2015 06:06:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32652453

Error: (07/24/2015 06:06:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32652453

Error: (07/24/2015 06:06:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2015 09:02:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15047

Error: (07/23/2015 09:02:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15047

Error: (07/23/2015 09:02:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2015 06:52:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WerFault.exe, version: 6.3.9600.17415, time stamp: 0x54503815
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000142
Fault offset: 0x0009d4f2
Faulting process ID: 0x784
Faulting application start time: 0xWerFault.exe0
Faulting application path: WerFault.exe1
Faulting module path: WerFault.exe2
Report ID: WerFault.exe3
Faulting package full name: WerFault.exe4
Faulting package-relative application ID: WerFault.exe5

Error: (07/23/2015 06:51:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26863812


System errors:
=============
Error: (07/23/2015 09:01:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).

Error: (07/23/2015 07:07:50 PM) (Source: DCOM) (EventID: 10010) (User: Steven)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2015 07:07:20 PM) (Source: DCOM) (EventID: 10010) (User: Steven)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/23/2015 06:51:26 AM) (Source: DCOM) (EventID: 10010) (User: Steven)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/22/2015 11:23:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2015 11:23:10 PM) (Source: DCOM) (EventID: 10010) (User: Steven)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/22/2015 07:59:22 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (07/22/2015 07:59:17 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (07/22/2015 07:59:11 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (07/22/2015 07:59:06 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.


Microsoft Office:
=========================
Error: (07/24/2015 06:33:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/24/2015 06:07:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WerFault.exe6.3.9600.1741554503815KERNELBASE.dll6.3.9600.17736550f42c2c00001420009d4f2130c01d0c5ce9ef484faC:\Windows\SysWOW64\WerFault.exeKERNELBASE.dlldf32d4c8-31c1-11e5-82d4-a01d48e0c886

Error: (07/24/2015 06:06:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32652453

Error: (07/24/2015 06:06:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32652453

Error: (07/24/2015 06:06:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2015 09:02:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15047

Error: (07/23/2015 09:02:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15047

Error: (07/23/2015 09:02:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2015 06:52:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WerFault.exe6.3.9600.1741554503815KERNELBASE.dll6.3.9600.17736550f42c2c00001420009d4f278401d0c50bc2fbda83C:\Windows\SysWOW64\WerFault.exeKERNELBASE.dll059ffdd3-30ff-11e5-82d4-a01d48e0c886

Error: (07/23/2015 06:51:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26863812


==================== Memory info ===========================

Processor: AMD A10-5745M APU with Radeon™ HD Graphics
Percentage of memory in use: 35%
Total physical RAM: 7366.26 MB
Available physical RAM: 4769.38 MB
Total Virtual: 8518.26 MB
Available Virtual: 4802.6 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:912.57 GB) (Free:95.14 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.17 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CF9F01CA)

Partition: GPT Partition Type.

==================== End of log ============================



#4 oneof4

  • Malware Response Team

Posted 26 July 2015 - 10:00 PM

Hello, :)

 

The first thing we need to do is cut FRST64 from your Downloads folder and paste it onto your Desktop.

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, update me on how your system is performing after running the fix.


Best Regards,
oneof4.


#5 Felty

Posted 27 July 2015 - 02:18 PM

Hello, thank you, I did what you said. I accidentally ran it twice as well so I hope that won't make a difference, but here are the results from the first fixlog.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Steven at 2015-07-27 19:54:38 Run:1
Running from C:\Users\Steven.Steven\Desktop
Loaded Profiles: Steven (Available Profiles: Steven)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AlternateDataStreams: C:\Users\Steven\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Steven.Steven\SkyDrive:ms-properties
*****************

"C:\Users\Steven\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Steven.Steven\SkyDrive" => ":ms-properties" ADS not found.

==== End of Fixlog 19:54:39 ====

 

As for system performance, I'm not sure if it's just me, but my laptop does actually seem a lot faster now. I've tested it, and web pages seem to be loading quicker than they were before. I'm very grateful if that's because of the fixlist.
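An added example, not part of the thread and not FRST's own code: a small Python parser for the Fixlog format posted above, pairing each fixlist entry with its result line so a reader can see whether the fix acted on anything. The Fixlog text is copied from the post; the function names and outcome labels are this example's own, and "ADS not found" is the only result wording taken from the page.

```python
import re

# Fixlog text as posted in the thread, embedded so the example runs offline.
FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Steven at 2015-07-27 19:54:38 Run:1
Running from C:\Users\Steven.Steven\Desktop
Loaded Profiles: Steven (Available Profiles: Steven)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AlternateDataStreams: C:\Users\Steven\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Steven.Steven\SkyDrive:ms-properties
*****************

"C:\Users\Steven\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Steven.Steven\SkyDrive" => ":ms-properties" ADS not found.

==== End of Fixlog 19:54:39 ====
'''

STARS = re.compile(r'^\*{5,}\s*$')  # delimiter around "fixlist content"
DIRECTIVE = re.compile(r'^AlternateDataStreams:\s*(?P<spec>.+?)\s*$')
RESULT = re.compile(
    r'^"(?P<path>[^"]+)" => ":(?P<stream>[^"]+)" ADS (?P<status>.+?)\.?\s*$')


def split_ads(spec):
    """Split 'C:\\dir\\name:stream' into (path, stream name)."""
    if spec.upper().endswith(':$DATA'):
        spec = spec[:-len(':$DATA')]
    path, _, stream = spec.rpartition(':')
    if len(path) < 3:  # the only colon was the drive letter's
        raise ValueError('no stream name in %r' % spec)
    return path, stream


def parse_fixlog(text):
    """Return (requested entries, {(path, stream): status}) from a Fixlog."""
    requested, results, in_fixlist = [], {}, False
    for line in text.splitlines():
        if STARS.match(line):
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            m = DIRECTIVE.match(line)
            if m:
                requested.append(split_ads(m.group('spec')))
            continue
        m = RESULT.match(line)
        if m:
            # Windows paths and stream names compare case-insensitively.
            key = (m.group('path').lower(), m.group('stream').lower())
            results[key] = m.group('status')
    return requested, results


def report(text):
    """One row per fixlist entry, with FRST's status kept verbatim."""
    requested, results = parse_fixlog(text)
    rows = []
    for path, stream in requested:
        status = results.get((path.lower(), stream.lower()))
        if status is None:
            outcome = 'no result line'   # entry requested but never reported
        elif status.lower() == 'not found':
            outcome = 'no change'        # nothing existed to remove
        else:
            outcome = 'check status'     # wording not seen on this page
        rows.append({'path': path, 'stream': stream,
                     'status': status, 'outcome': outcome})
    return rows


def all_noop(text):
    """True when every requested entry came back as 'not found'."""
    rows = report(text)
    return bool(rows) and all(r['outcome'] == 'no change' for r in rows)


if __name__ == '__main__':
    for row in report(FIXLOG):
        print('{path}:{stream} -> {status} ({outcome})'.format(**row))
    print('fix changed nothing:', all_noop(FIXLOG))
```

For the log in this post both entries come back as "no change", meaning this run of the fix removed nothing from disk.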



#6 oneof4

Posted 27 July 2015 - 08:38 PM

Hi Felty, :)

 

Perhaps the ADS streams were slowing things down; nevertheless, it's good that you are seeing improvement.

 

Let's check for any leftovers:

 

Malwarebytes' Anti-Malware

I see you have MBAM installed - I think this is a great program and would like you to run a scan at this time:

  • Double-click mbam icon
  • Click on Update Now to download the current database definitions, and then click the Scan Now button.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions if threats are found, otherwise click Finish.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

 

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Single click on the most current scan, then the Scanning History Log will open.
  • Click the Export button.
  • Click Copy to Clipboard...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

 

==========

 

ESET Online Scanner using Internet Explorer:


Note 1: These instructions are for Internet Explorer only! If you're using another browser, please stop here and let me know!
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Click this link to open ESET OnlineScan.
  • Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
  • When prompted, allow the Add-On/ActiveX to install.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!


Best Regards,
oneof4.


#7 Felty

Posted 28 July 2015 - 03:08 AM

Hello, thanks, I did a Malwarebytes scan, here are the results from that.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/07/2015
Scan Time: 07:21
Logfile: mal scan log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.28.01
Rootkit Database: v2015.07.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Steven

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401311
Time Elapsed: 1 hr, 29 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

As for the second scan, I don't use Internet Explorer, I mainly use Firefox (and in rare cases Chrome). Internet Explorer is still on my computer though, but I just never click it (unless by accident).



#8 oneof4

Posted 28 July 2015 - 08:57 AM

Go ahead and use IE to run ESET.


Best Regards,
oneof4.


#9 Felty

Posted 28 July 2015 - 04:39 PM

Hello, I've done as instructed. I paused Kaspersky protection, did the scan and it found and deleted the following two threats. I resumed Kaspersky protection afterwards, and then restarted as Kaspersky wouldn't open when clicking it for some reason. But it's fully working now.

 

C:\Users\Steven.Steven\Downloads\cbsidlm-cbsi188-Blue_Cats_Widening_ParametrEQ_VST-SEO-75329641.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting - quarantined

C:\Users\Steven.Steven\Downloads\cbsidlm-cbsi188-Security_Task_Manager-SEO-10246545.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting - quarantined

 

Also, it may be nothing, but just in case, I feel I should mention that after I paused Kaspersky protection it said something along the lines of 'Kaspersky has found [a certain number] of open networks, terminating in...' and then it did a countdown that I didn't react to.
 



#10 oneof4

  • Malware Response Team

Posted 29 July 2015 - 12:08 PM

Hey, :)

 

Not sure what Kaspersky is griping about. The fact that the other scans have come back clean leads me to believe that any malware has been dealt with.

 

So, with that being said...

 

Congratulations! You now appear clean!  :cool:

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay?  Do you have any more questions?

**********

  • Any programs that we had you download and/or install can be removed at this time.
  • If we had you create or download any custom fixes, these can be deleted at this time.

**********

Recommendations

Below are some recommendations to lower your chances of (re)infection.
 
Step 1: Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.
 
Step 2: Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls
 
Step 3: Install an Anti-Spyware program, and update it regularly

Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and has excellent detection and removal rates.

SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
 
Step 4: Prevention article: To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read our Best Practices article by quietman7.
 
Step 5: Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
http://www.techtalkz.com/windows-7/515869-windows-update-enable-disable-automatic-updates-windows-7-guide.html
 
Step 6: Keep your other software up to date as well.

Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.
 
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing. :(
 
**********

Safe Surfing!


Best Regards,
oneof4.


#11 Felty

  • Topic Starter


Posted 30 July 2015 - 09:18 AM

Great, in that case thanks very much. I thoroughly appreciate all the help and will ensure that I follow all of those safety tips. Thanks again!



#12 oneof4

  • Malware Response Team

Posted 03 August 2015 - 01:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best Regards,
oneof4.




