Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by user (administrator) on USER-PC (26-12-2015 22:07:49)
Running from C:\Users\user\Downloads
Loaded Profiles: user & (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [AutoLockProcess] => C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe [456080 2010-09-16] (Acer Inc.)
HKLM\...\Run: [Acer PowerSaver] => C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe [536576 2009-04-17] (Acer Incorporated)
HKLM\...\Run: [Acer SmartBoot] => C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe [448000 2009-05-12] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-02-01] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RaidCall] => C:\Program Files (x86)\RaidCall.RU\raidcall.exe [5127832 2015-11-06] (RAIDCALL.COM)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3945883201-336551496-2958160573-1000\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)
HKU\S-1-5-21-3945883201-336551496-2958160573-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3945883201-336551496-2958160573-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)
HKU\S-1-5-21-3945883201-336551496-2958160573-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3945883201-336551496-2958160573-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-3945883201-336551496-2958160573-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [456224 2010-07-29] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-07-12] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{04327659-C96B-4FF8-A007-36838D9D58E9}: [DhcpNameServer] 192.168.2.1 142.166.166.166
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3945883201-336551496-2958160573-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3945883201-336551496-2958160573-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3945883201-336551496-2958160573-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
HKU\S-1-5-21-3945883201-336551496-2958160573-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3945883201-336551496-2958160573-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
HKU\S-1-5-21-3945883201-336551496-2958160573-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3945883201-336551496-2958160573-1000 -> {2368BE58-9390-435F-B51C-07E2426E6FD7} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3945883201-336551496-2958160573-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2368BE58-9390-435F-B51C-07E2426E6FD7} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3945883201-336551496-2958160573-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-02] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-02] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3945883201-336551496-2958160573-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3945883201-336551496-2958160573-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\user\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASLSvc; C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe [502784 2009-05-12] (Acer Incorporated) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 eLockService; C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe [30080 2010-09-16] (Acer Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-02-17] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 eLock2BurnerLockDriver; C:\Windows\System32\DRIVERS\eLock2BurnerLockDriver.sys [16416 2010-08-05] (Windows (R) Win 7 DDK provider)
R2 eLock2FSCTLDriver; C:\Windows\System32\DRIVERS\eLock2FSCTLDriver.sys [100384 2008-03-11] (Acer, Inc.)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2014-10-16] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-26] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-26 22:07 - 2015-12-26 22:09 - 00017911 _____ C:\Users\user\Downloads\FRST.txt
2015-12-26 22:07 - 2015-12-26 22:07 - 02370560 _____ (Farbar) C:\Users\user\Downloads\FRST64 (1).exe
2015-12-26 22:04 - 2015-12-26 22:07 - 00000000 ____D C:\FRST
2015-12-26 22:04 - 2015-12-26 22:04 - 02370560 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-12-26 21:34 - 2015-12-26 21:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-26 21:34 - 2015-12-26 21:34 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-26 21:34 - 2015-12-26 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-26 21:34 - 2015-12-26 21:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-26 21:34 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-26 21:34 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-26 21:34 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-26 21:28 - 2015-12-26 21:31 - 22908888 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-26 19:59 - 2015-12-26 19:59 - 00035972 _____ C:\Users\user\Downloads\[kat.cr]hunting.hitler.s01e07.friends.in.high.places.internal.hdtv.x264.d0nk.sparrow.torrent
2015-12-26 19:59 - 2015-12-26 19:59 - 00029414 _____ C:\Users\user\Downloads\[kat.cr]hunting.hitler.s01e08.hitlers.plane.hdtv.x264.d0nk.sparrow.torrent
2015-12-26 19:57 - 2015-12-26 19:57 - 00023846 _____ C:\Users\user\Downloads\[kat.cr]hunting.hitler.s01e06.hitlers.safehouse.hdtv.x264.d0nk.torrent
2015-12-26 09:19 - 2015-12-26 09:19 - 00000000 ____D C:\$SysReset
2015-12-21 21:53 - 2015-12-21 21:55 - 22859232 _____ (Splashtop Inc.) C:\Users\user\Downloads\Splashtop_Streamer_WIN_v3.0.2.1.EXE
2015-12-21 21:03 - 2015-12-21 21:03 - 01013600 _____ (Remote Mouse ) C:\Users\user\Downloads\RemoteMouse.exe
2015-12-21 19:53 - 2015-12-21 19:54 - 01525760 _____ C:\Users\user\Downloads\sbt-0.13.9.2 (2).msi
2015-12-21 19:53 - 2015-12-21 19:53 - 01525760 _____ C:\Users\user\Downloads\sbt-0.13.9.2 (1).msi
2015-12-21 19:27 - 2015-12-21 19:48 - 247237112 _____ C:\Users\user\Downloads\ideaIC-15.0.2.exe
2015-12-21 19:23 - 2015-12-21 19:23 - 01525760 _____ C:\Users\user\Downloads\sbt-0.13.9.2.msi
2015-12-21 19:12 - 2015-12-21 19:12 - 01785560 _____ C:\Users\user\Downloads\SPenDigitizer.apk
2015-12-21 18:48 - 2015-12-21 18:49 - 00160768 _____ C:\Users\user\Downloads\SPenClient.exe
2015-12-19 21:10 - 2015-12-19 21:10 - 00001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-12-19 20:49 - 2015-12-19 20:50 - 00689328 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\CreativeCloudSet-Up.exe
2015-12-19 18:14 - 2015-12-19 18:23 - 96819488 _____ (The GIMP Team ) C:\Users\user\Downloads\gimp-2.8.16-setup.exe
2015-12-16 20:10 - 2015-12-16 20:10 - 00002326 _____ C:\Users\user\Downloads\[kat.cr]the.last.man.on.earth.s02e10.hdtv.x264.killers.ettv.torrent
2015-12-16 20:08 - 2015-12-16 20:08 - 00002459 _____ C:\Users\user\Downloads\[kat.cr]the.last.man.on.earth.s02e09.hdtv.x264.killers.ettv.torrent
2015-12-16 20:07 - 2015-12-16 20:07 - 00013150 _____ C:\Users\user\Downloads\[kat.cr]the.last.man.on.earth.s02e08.hdtv.x264.fleet.rartv.torrent
2015-12-16 19:16 - 2015-12-16 19:16 - 00002408 _____ C:\Users\user\Downloads\[kat.cr]the.last.man.on.earth.s02e07.hdtv.x264.killers.ettv.torrent
2015-12-16 19:15 - 2015-12-16 19:15 - 00013151 _____ C:\Users\user\Downloads\[kat.cr]the.last.man.on.earth.s02e06.hdtv.x264.fleet.rartv.torrent
2015-12-16 19:09 - 2015-12-16 19:09 - 00002386 _____ C:\Users\user\Downloads\[kat.cr]the.last.man.on.earth.s02e05.hdtv.x264.w4f.ettv.torrent
2015-12-15 15:31 - 2015-12-15 15:31 - 00007809 _____ C:\Users\user\Downloads\[kat.cr]schitts.creek.s01e10.hdtv.x264.2hd.eztv.torrent
2015-12-15 15:31 - 2015-12-15 15:31 - 00007269 _____ C:\Users\user\Downloads\[kat.cr]schitts.creek.s01e11.hdtv.x264.2hd.eztv.torrent
2015-12-15 15:30 - 2015-12-15 15:30 - 00009289 _____ C:\Users\user\Downloads\[kat.cr]schitts.creek.s01e08.hdtv.x264.2hd.eztv.torrent
2015-12-15 15:30 - 2015-12-15 15:30 - 00006913 _____ C:\Users\user\Downloads\[kat.cr]schitts.creek.s01e09.hdtv.x264.2hd.eztv.torrent
2015-12-14 21:45 - 2015-12-14 21:45 - 00009056 _____ C:\Users\user\Downloads\[kat.cr]schitts.creek.s01e07.hdtv.x264.crooks.eztv.torrent
2015-12-14 21:43 - 2015-12-14 21:43 - 00008232 _____ C:\Users\user\Downloads\[kat.cr]schitts.creek.s01e06.hdtv.x264.crooks.eztv.torrent
2015-12-14 21:43 - 2015-12-14 21:43 - 00007373 _____ C:\Users\user\Downloads\[kat.cr]schitts.creek.s01e05.hdtv.x264.killers.eztv.torrent
2015-12-14 21:36 - 2015-12-14 21:36 - 00030325 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e12.hdtv.x264.lol.ettv.torrent
2015-12-14 21:35 - 2015-12-14 21:35 - 00030799 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e11.hdtv.x264.lol.ettv.torrent
2015-12-11 22:12 - 2015-12-11 22:12 - 00015223 _____ C:\Users\user\Downloads\[kat.cr]hunting.hitler.s01e07.x264.mp4.torrent
2015-12-11 22:11 - 2015-12-11 22:11 - 00014285 _____ C:\Users\user\Downloads\[kat.cr]hunting.hitler.s01e06.x264.mp4.torrent
2015-12-10 22:03 - 2015-12-10 22:03 - 00017360 _____ C:\Users\user\Downloads\[kat.cr]hot.tub.time.machine.2.2015.1080p.brrip.x264.yify.torrent
2015-12-10 21:43 - 2015-12-10 21:43 - 00026750 _____ C:\Users\user\Downloads\[kat.cr]hunting.hitler.s01e05.ratlines.hdtv.x264.d0nk.torrent
2015-12-10 21:42 - 2015-12-10 21:42 - 00027905 _____ C:\Users\user\Downloads\[kat.cr]hunting.hitler.s01e04.the.tunnel.hdtv.x264.d0nk.torrent
2015-12-08 09:43 - 2015-12-08 09:43 - 00029999 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e10.hdtv.x264.lol.ettv.torrent
2015-12-08 09:43 - 2015-12-08 09:43 - 00029325 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e09.hdtv.x264.lol.ettv.torrent
2015-12-07 20:32 - 2015-12-07 20:32 - 00030765 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e08.hdtv.x264.lol.ettv.torrent
2015-12-07 20:32 - 2015-12-07 20:32 - 00026965 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e07.hdtv.x264.lol.ettv.torrent
2015-12-07 20:31 - 2015-12-07 20:31 - 00016009 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e06.hdtv.x264.lol.eztv.torrent
2015-12-05 10:45 - 2015-12-15 09:01 - 00001103 _____ C:\Users\user\Desktop\RaidCall.lnk
2015-12-05 10:45 - 2015-12-05 10:45 - 00001127 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2015-12-05 10:43 - 2015-12-05 10:44 - 06046176 _____ C:\Users\user\Downloads\raidcall_v8.1.8 (3).exe
2015-12-04 23:24 - 2015-12-04 23:24 - 00030399 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e04.hdtv.x264.lol.ettv.torrent
2015-12-04 23:24 - 2015-12-04 23:24 - 00028739 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e05.hdtv.x264.lol.ettv.torrent
2015-12-04 23:23 - 2015-12-04 23:23 - 00032419 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e03.hdtv.x264.lol.ettv.torrent
2015-12-04 23:22 - 2015-12-04 23:22 - 00016696 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e02.hdtv.x264.lol.eztv.torrent
2015-12-04 23:20 - 2015-12-04 23:20 - 00048407 _____ C:\Users\user\Downloads\[kat.cr]shameless.us.s05e01.hdtv.x264.killers.ettv.torrent
2015-12-03 13:05 - 2015-12-03 13:05 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-12-03 12:05 - 2015-12-03 12:05 - 06046176 _____ C:\Users\user\Downloads\raidcall_v8.1.8 (2).exe
2015-12-03 12:02 - 2015-12-03 12:04 - 06046176 _____ C:\Users\user\Downloads\raidcall_v8.1.8 (1).exe
2015-12-03 02:00 - 2015-12-03 10:48 - 00010449 _____ C:\Windows\diagerr.xml
2015-12-03 02:00 - 2015-12-03 10:48 - 00009528 _____ C:\Windows\diagwrn.xml
2015-12-01 19:26 - 2015-12-01 19:26 - 00003897 _____ C:\Users\user\Downloads\[kat.cr]the.martian.2015.hd.ts.xvid.ac3.hq.hive.cm8.torrent
2015-12-01 11:53 - 2015-12-01 11:53 - 00015152 _____ C:\Users\user\Downloads\[kat.cr]the.hunger.games.mockingjay.part.1.2014.720p.bluray.x264.torrent
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-26 22:09 - 2013-03-09 08:40 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2015-12-26 22:05 - 2007-07-11 21:48 - 00000000 ____D C:\Windows
2015-12-26 21:56 - 2015-09-29 12:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-26 21:32 - 2013-04-19 17:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-26 21:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2015-12-26 21:03 - 2009-07-14 00:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 21:03 - 2009-07-14 00:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-26 20:12 - 2013-03-10 20:56 - 00000000 ____D C:\Users\user\Downloads\flix
2015-12-26 19:49 - 2013-02-27 19:02 - 00000000 ____D C:\Users\user\AppData\Local\Deployment
2015-12-26 15:04 - 2015-09-29 12:49 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-26 13:26 - 2015-10-12 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-12-26 13:26 - 2015-10-10 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurakingdom.to Private
2015-12-26 13:26 - 2015-09-29 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-26 13:26 - 2015-07-12 09:45 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2015-12-26 13:26 - 2015-07-10 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-12-26 13:26 - 2015-02-03 15:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-26 13:26 - 2015-02-03 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-26 13:26 - 2015-01-17 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-12-26 13:26 - 2015-01-17 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oovee
2015-12-26 13:26 - 2014-10-26 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-26 13:26 - 2014-09-17 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-26 13:26 - 2014-08-23 08:50 - 00000000 ____D C:\Windows\SysWOW64\new_gamedata
2015-12-26 13:26 - 2014-01-24 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-12-26 13:26 - 2013-03-29 15:21 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-26 13:26 - 2013-03-14 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-26 13:26 - 2013-02-28 08:24 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-12-26 13:26 - 2013-02-27 16:22 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-12-26 13:26 - 2013-02-27 14:32 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-26 13:26 - 2013-02-27 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2015-12-26 13:26 - 2012-02-02 04:25 - 00000000 ____D C:\Windows\system32\driver
2015-12-26 13:26 - 2012-02-01 13:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-26 13:26 - 2011-06-30 11:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-26 13:26 - 2011-06-30 11:04 - 00000000 ____D C:\Windows\fr
2015-12-26 13:26 - 2011-06-30 11:04 - 00000000 ____D C:\Windows\en
2015-12-26 13:26 - 2011-06-30 10:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-12-26 13:26 - 2011-06-30 10:59 - 00000000 ____D C:\Program Files (x86)\Acer
2015-12-26 13:26 - 2011-06-30 10:42 - 00000000 ____D C:\Program Files (x86)\Intel
2015-12-26 13:26 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-26 13:26 - 2009-07-14 01:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-12-26 13:26 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-26 11:02 - 2015-10-10 08:37 - 00000000 ____D C:\Program Files (x86)\Aurakingdom.to Private
2015-12-26 10:57 - 2013-02-27 14:41 - 00000000 ____D C:\ProgramData\MFAData
2015-12-26 10:47 - 2015-11-09 13:16 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2015-12-26 10:46 - 2015-09-29 12:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-26 10:46 - 2015-07-09 18:04 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-26 10:46 - 2014-09-09 20:52 - 00000095 _____ C:\Users\user\.accessibility.properties
2015-12-26 10:46 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-26 09:48 - 2014-02-26 03:03 - 00776886 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-26 09:48 - 2009-07-14 01:13 - 00776886 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 09:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2015-12-26 09:40 - 2015-02-10 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-26 09:36 - 2015-10-30 05:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-26 09:35 - 2015-07-12 09:49 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-26 02:00 - 2013-02-27 15:52 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-12-24 14:21 - 2014-04-30 06:39 - 00000000 ____D C:\Users\user\Desktop\IndiFilms
2015-12-22 13:47 - 2013-07-08 16:57 - 00000000 ____D C:\Users\user\Desktop\air pics
2015-12-21 22:08 - 2015-02-10 21:53 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-20 18:29 - 2013-02-27 14:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2015-12-19 23:21 - 2014-09-16 09:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-19 23:17 - 2011-06-30 11:08 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-19 22:28 - 2014-09-21 09:02 - 00000000 ____D C:\Users\user\Documents\Adobe
2015-12-19 22:25 - 2014-11-19 14:16 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-19 22:22 - 2011-06-30 11:09 - 00000000 ____D C:\ProgramData\Adobe
2015-12-19 20:33 - 2014-08-31 14:30 - 00000000 ____D C:\Users\user\.gimp-2.8
2015-12-14 21:27 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-14 21:27 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 15:25 - 2013-02-27 15:14 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 10:56 - 2015-10-25 13:02 - 00001924 _____ C:\Users\user\Desktop\RCGamebox.lnk
2015-12-05 10:47 - 2015-10-24 10:49 - 00000000 ____D C:\Program Files (x86)\RaidCall.RU
2015-12-03 10:57 - 2015-10-10 20:20 - 00000857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall RaidCall.lnk
2015-12-03 10:56 - 2013-02-27 14:15 - 00000000 ___RD C:\Users\user\Virtual Machines
2015-12-03 10:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-12-03 10:47 - 2015-09-29 12:45 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 10:47 - 2015-09-29 12:45 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 10:47 - 2015-08-15 09:23 - 00003814 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2015-12-03 10:47 - 2015-07-12 09:44 - 00003436 _____ C:\Windows\System32\Tasks\{DF1CD0DB-035F-4F96-A4A0-7A63C183EB18}
2015-12-03 10:47 - 2015-07-08 17:39 - 00003156 _____ C:\Windows\System32\Tasks\{D66ED892-A8FE-4BE3-B992-0DF46F4B247F}
2015-12-03 10:47 - 2015-06-12 13:53 - 00003996 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-03 10:47 - 2015-02-05 08:43 - 00003320 _____ C:\Windows\System32\Tasks\{E0E74EA3-0D0F-48E4-A6C9-EA4384E8FD92}
2015-12-03 10:47 - 2014-09-17 10:52 - 00003246 _____ C:\Windows\System32\Tasks\{B109EB6D-04EF-4326-A10A-18949F3DF1E2}
2015-12-03 10:47 - 2014-09-06 21:08 - 00003156 _____ C:\Windows\System32\Tasks\{BF2EFA52-F3B3-4F91-9F75-F708B17224C9}
2015-12-03 10:47 - 2013-04-19 17:54 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-03 09:34 - 2015-10-24 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2015-12-03 02:07 - 2015-08-27 01:20 - 00000000 ____D C:\Windows\Panther
2015-12-02 09:28 - 2015-10-06 07:51 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-12-02 09:28 - 2014-10-26 15:56 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-02 09:27 - 2014-10-26 15:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-02 05:03 - 2015-10-29 18:05 - 00000940 _____ C:\Users\Public\Desktop\AVG Protection.lnk
==================== Files in the root of some directories =======
2014-09-16 09:29 - 2014-09-16 09:49 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-04-30 09:40 - 2014-05-24 11:33 - 0006656 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-14 12:29 - 2014-09-14 12:29 - 0006998 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2013-03-29 14:24 - 2013-03-29 14:24 - 0007601 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avg-40332d53-bc7a-4f63-ba36-6701ecab9578.exe
C:\Users\user\AppData\Local\Temp\avguirn_081836334675.exe
C:\Users\user\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\user\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\user\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\user\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\user\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\user\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\user\AppData\Local\Temp\ytb.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-02 18:42
==================== End of FRST.txt ============================
2015-12-26 13:26 - 2013-03-14 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-26 13:26 - 2013-02-28 08:24 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-12-26 13:26 - 2013-02-27 16:22 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-12-26 13:26 - 2013-02-27 14:32 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-26 13:26 - 2013-02-27 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2015-12-26 13:26 - 2012-02-02 04:25 - 00000000 ____D C:\Windows\system32\driver
2015-12-26 13:26 - 2012-02-01 13:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-26 13:26 - 2011-06-30 11:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-26 13:26 - 2011-06-30 11:04 - 00000000 ____D C:\Windows\fr
2015-12-26 13:26 - 2011-06-30 11:04 - 00000000 ____D C:\Windows\en
2015-12-26 13:26 - 2011-06-30 10:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-12-26 13:26 - 2011-06-30 10:59 - 00000000 ____D C:\Program Files (x86)\Acer
2015-12-26 13:26 - 2011-06-30 10:42 - 00000000 ____D C:\Program Files (x86)\Intel
2015-12-26 13:26 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-26 13:26 - 2009-07-14 01:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-12-26 13:26 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2015-12-26 13:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-26 11:02 - 2015-10-10 08:37 - 00000000 ____D C:\Program Files (x86)\Aurakingdom.to Private
2015-12-26 10:57 - 2013-02-27 14:41 - 00000000 ____D C:\ProgramData\MFAData
2015-12-26 10:47 - 2015-11-09 13:16 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2015-12-26 10:46 - 2015-09-29 12:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-26 10:46 - 2015-07-09 18:04 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-26 10:46 - 2014-09-09 20:52 - 00000095 _____ C:\Users\user\.accessibility.properties
2015-12-26 10:46 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-26 09:48 - 2014-02-26 03:03 - 00776886 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-26 09:48 - 2009-07-14 01:13 - 00776886 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 09:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2015-12-26 09:40 - 2015-02-10 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-26 09:36 - 2015-10-30 05:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-26 09:35 - 2015-07-12 09:49 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-26 02:00 - 2013-02-27 15:52 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-12-24 14:21 - 2014-04-30 06:39 - 00000000 ____D C:\Users\user\Desktop\IndiFilms
2015-12-22 13:47 - 2013-07-08 16:57 - 00000000 ____D C:\Users\user\Desktop\air pics
2015-12-21 22:08 - 2015-02-10 21:53 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-20 18:29 - 2013-02-27 14:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2015-12-19 23:21 - 2014-09-16 09:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-19 23:17 - 2011-06-30 11:08 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-19 22:28 - 2014-09-21 09:02 - 00000000 ____D C:\Users\user\Documents\Adobe
2015-12-19 22:25 - 2014-11-19 14:16 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-19 22:22 - 2011-06-30 11:09 - 00000000 ____D C:\ProgramData\Adobe
2015-12-19 20:33 - 2014-08-31 14:30 - 00000000 ____D C:\Users\user\.gimp-2.8
2015-12-14 21:27 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-14 21:27 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 15:25 - 2013-02-27 15:14 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 10:56 - 2015-10-25 13:02 - 00001924 _____ C:\Users\user\Desktop\RCGamebox.lnk
2015-12-05 10:47 - 2015-10-24 10:49 - 00000000 ____D C:\Program Files (x86)\RaidCall.RU
2015-12-03 10:57 - 2015-10-10 20:20 - 00000857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall RaidCall.lnk
2015-12-03 10:56 - 2013-02-27 14:15 - 00000000 ___RD C:\Users\user\Virtual Machines
2015-12-03 10:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-12-03 10:47 - 2015-09-29 12:45 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 10:47 - 2015-09-29 12:45 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 10:47 - 2015-08-15 09:23 - 00003814 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2015-12-03 10:47 - 2015-07-12 09:44 - 00003436 _____ C:\Windows\System32\Tasks\{DF1CD0DB-035F-4F96-A4A0-7A63C183EB18}
2015-12-03 10:47 - 2015-07-08 17:39 - 00003156 _____ C:\Windows\System32\Tasks\{D66ED892-A8FE-4BE3-B992-0DF46F4B247F}
2015-12-03 10:47 - 2015-06-12 13:53 - 00003996 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-03 10:47 - 2015-02-05 08:43 - 00003320 _____ C:\Windows\System32\Tasks\{E0E74EA3-0D0F-48E4-A6C9-EA4384E8FD92}
2015-12-03 10:47 - 2014-09-17 10:52 - 00003246 _____ C:\Windows\System32\Tasks\{B109EB6D-04EF-4326-A10A-18949F3DF1E2}
2015-12-03 10:47 - 2014-09-06 21:08 - 00003156 _____ C:\Windows\System32\Tasks\{BF2EFA52-F3B3-4F91-9F75-F708B17224C9}
2015-12-03 10:47 - 2013-04-19 17:54 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-03 09:34 - 2015-10-24 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2015-12-03 02:07 - 2015-08-27 01:20 - 00000000 ____D C:\Windows\Panther
2015-12-02 09:28 - 2015-10-06 07:51 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-12-02 09:28 - 2014-10-26 15:56 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-02 09:27 - 2014-10-26 15:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-02 05:03 - 2015-10-29 18:05 - 00000940 _____ C:\Users\Public\Desktop\AVG Protection.lnk
==================== Files in the root of some directories =======
2014-09-16 09:29 - 2014-09-16 09:49 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-04-30 09:40 - 2014-05-24 11:33 - 0006656 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-14 12:29 - 2014-09-14 12:29 - 0006998 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2013-03-29 14:24 - 2013-03-29 14:24 - 0007601 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avg-40332d53-bc7a-4f63-ba36-6701ecab9578.exe
C:\Users\user\AppData\Local\Temp\avguirn_081836334675.exe
C:\Users\user\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\user\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\user\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\user\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\user\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\user\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\user\AppData\Local\Temp\ytb.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-02 18:42
==================== End of FRST.txt ============================