Windows Malware Removal Help & Support
Too much time to shut down and power on
<blockquote data-quote="NullPointerException" data-source="post: 382902" data-attributes="member: 27076"><p>I really doubt I was RATed or anything like that. Or that BibleGateway had an exploit in it. But still, here's the log.</p><p></p><p>(I DID find a strange cryptography string in the registry, but I deleted it with no results.)</p><p>[SPOILER="Additional.txt"]</p><p>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015</p><p>Ran by Shade at 2015-05-10 16:47:28</p><p>Running from C:\Users\Shade\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>102 (S-1-5-21-3171145056-229118582-1774830325-1008 - Limited - Enabled) => C:\Users\102 // An account I created.</p><p>Administrator (S-1-5-21-3171145056-229118582-1774830325-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-3171145056-229118582-1774830325-501 - Limited - Disabled) => C:\Users\Guest</p><p>HomeGroupUser$ (S-1-5-21-3171145056-229118582-1774830325-1003 - Limited - Enabled)</p><p>newadmin (S-1-5-21-3171145056-229118582-1774830325-1011 - Limited - Enabled) => C:\Users\newadmin // Note: it's an account I created.</p><p>Shade (S-1-5-21-3171145056-229118582-1774830325-1010 - Administrator - Enabled) => C:\Users\Shade</p><p>UpdatusUser (S-1-5-21-3171145056-229118582-1774830325-1004 - Limited - Enabled) => C:\Users\UpdatusUser</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}</p><p>AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}</p><p>FW: ESET 
Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>"Minimal SYStem 1.0.10" (HKLM\...\MSYS-1.0_is1) (Version: 1.0.10 - MinGW)</p><p>µTorrent (HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)</p><p>7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )</p><p>Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)</p><p>Apache Tomcat 8.0.15 (HKLM\...\nbi-tomcat-8.0.15.0.0) (Version: - )</p><p>Auslogics Disk Defrag Professional (HKLM\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.4.3.0 - Auslogics Software Pty Ltd)</p><p>BitTorrent (HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)</p><p>BOSS (HKLM\...\BOSS) (Version: 2.1.1 - BOSS Development Team)</p><p>Build Tools - x86 (Version: 12.0.31101 - Microsoft Corporation) Hidden</p><p>Build Tools Language Resources - x86 (Version: 12.0.31101 - Microsoft Corporation) Hidden</p><p>CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)</p><p>CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)</p><p>Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)</p><p>EPUB File Reader (HKLM\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )</p><p>ESET Smart Security (HKLM\...\{9EBF258F-F8BC-4FC2-8F9F-07D55B2157C5}) (Version: 8.0.304.0 - ESET, spol s r. 
o.)</p><p>Fallout (HKLM\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)</p><p>Fallout 2 (HKLM\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.10 - GOG.com)</p><p>Fallout 3 Game of the Year Edition - DLCs (HKLM\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version: - Bethesda Softworks)</p><p>Fallout 3 Game of the Year Edition (HKLM\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version: - Bethesda Softworks)</p><p>Fallout Mod Manager 0.13.21 (HKLM\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)</p><p>Fallout New Vegas (HKLM\...\Fallout New Vegas_is1) (Version: - )</p><p>Fiddler (HKLM\...\Fiddler2) (Version: 4.4.8.0 - Telerik)</p><p>Five Nights at Freddy's (HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Five Nights at Freddy's) (Version: - )</p><p>GetGo Download Manager (HKLM\...\GetGoSoft_GetGoDM) (Version: 5.1.0.2224 - GetGo Software Ltd.)</p><p>GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)</p><p>GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version: - )</p><p>Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)</p><p>Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden</p><p>Google Update Helper (Version: 1.3.26.9 - Google Inc.) 
Hidden</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)</p><p>HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)</p><p>IDA Demo v6.6 (HKLM\...\IDA Demo_is1) (Version: - Hex-Rays SA)</p><p>Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) // I know it's out of date and all...</p><p>Java 8 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)</p><p>Java SE Development Kit 8 Update 11 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)</p><p>KC Softwares KCleaner (HKLM\...\KC Softwares KCleaner_is1) (Version: - KC Softwares)</p><p>KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )</p><p>KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )</p><p>LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)</p><p>LOOT (HKLM\...\LOOT) (Version: 0.6.1 - LOOT Development Team)</p><p>Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )</p><p>MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )</p><p>Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)</p><p>Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)</p><p>Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)</p><p>Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft 
Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)</p><p>Microsoft Visual Studio Community 2013 with Update 4 (HKLM\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)</p><p>NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)</p><p>NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)</p><p>Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)</p><p>Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)</p><p>NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)</p><p>NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)</p><p>NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)</p><p>PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)</p><p>Python 3.4.0 (HKLM\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software 
Foundation)</p><p>PythonScript plugin for Notepad++ (HKLM\...\{5DCB60E0-AD70-4DEE-8E29-4475C3822101}) (Version: 1.0.2.0 - Dave Brotherstone)</p><p>Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)</p><p>Skyrim Performance Monitor (HKLM\...\{84AEB93A-ECBB-4568-8F59-D4516EF59079}) (Version: 3.66 - SirGarnon on Skyrim Nexus)</p><p>SlimDX Runtime .NET 2.0 (January 2012) (HKLM\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)</p><p>SlimPDF Reader 1.0 (HKLM\...\{7E1FEE27-F869-4D4B-8AA3-64C7FD99BD7C}_is1) (Version: 1.0 - Investintech.com Inc.)</p><p>Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)</p><p>Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)</p><p>SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)</p><p>System Requirements Lab CYRI (HKLM\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)</p><p>TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )</p><p>Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)</p><p>Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)</p><p>The Elder Scrolls III Morrowind GOTY version 0.0.0.9 (HKLM\...\The Elder Scrolls III Morrowind GOTY_is1) (Version: 0.0.0.9 -</p><p>VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)</p><p>WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)</p><p>Wrye Bash (HKLM\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-3171145056-229118582-1774830325-1010_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Shade\AppData\Local\Temp\FBD0.exe No File</p><p></p><p>==================== Restore Points =========================</p><p></p><p>03-03-2015 01:27:00 Scheduled Checkpoint</p><p>13-03-2015 00:13:49 Scheduled Checkpoint</p><p>22-03-2015 13:24:23 Scheduled Checkpoint</p><p>04-04-2015 13:58:13 Windows Modules Installer</p><p>06-04-2015 16:23:58 Installed Cepstral David 6.2.3</p><p>12-04-2015 15:26:19 Removed Cepstral David 6.2.3</p><p>16-04-2015 01:29:12 Windows Update</p><p>09-05-2015 01:51:44 Latest update</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2012-07-26 09:47 - 2014-10-30 20:26 - 00000762 ____A C:\WINDOWS\system32\Drivers\etc\hosts</p><p>127.0.0.1 localhost</p><p>::1 localhost</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {0994A8BD-36B2-4E55-BF69-9953AE90EF0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)</p><p>Task: {2B37DD35-6A62-4CA8-B194-C63EC2BE6917} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)</p><p>Task: {2F94EC75-BFD1-42A1-BB83-75B9065F7AC2} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-8761-435E-9AAA-08063F7EB902} for Shade => D:\Disk Defrag Professional\DiskDefragPro.exe [2014-11-13] (Auslogics)</p><p>Task: {3D2775ED-46C4-4BAB-B88D-450230BB7DB7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)</p><p>Task: {4CD43CFB-DBD6-40FC-9B27-8C8FFC7C3324} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe</p><p>Task: {74AE7DFC-B763-4918-8A68-F11924E1804C} - System32\Tasks\GoogleUpdateTaskMachineUA1d041d4114642d5 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)</p><p>Task: {7735AEB2-0ED4-41A7-B68F-6593233FD40C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-18] (Adobe Systems Incorporated)</p><p>Task: {914BA061-D948-4B3B-B037-134770298143} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-FD06-4FA3-B740-491EBD1F0DE5} for Shade => D:\Disk Defrag Professional\DiskDefragPro.exe [2014-11-13] (Auslogics)</p><p>Task: {9A128BFD-F83C-4929-8EA6-A4ABAABC388D} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-091D-489A-AF07-4211AF51C362} for Shade => D:\Disk Defrag Professional\DiskDefragPro.exe [2014-11-13] (Auslogics)</p><p>Task: {C9902214-0F35-4805-AD84-E70E394F6480} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)</p><p>Task: 
{CBAAA410-11DC-41F6-9280-9B556E98BD26} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-02-03] (@ByELDI)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d041d4114642d5.job => C:\Program Files\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe6C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe</p><p></p><p>==================== Loaded Modules (whitelisted) ==============</p><p></p><p>2013-12-24 08:34 - 2013-10-23 12:49 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll</p><p>2015-04-25 00:15 - 2015-03-10 12:07 - 00775680 _____ () D:\Steam\SDL2.dll</p><p>2015-04-25 00:15 - 2014-12-02 05:59 - 05002752 _____ () D:\Steam\v8.dll</p><p>2015-04-25 00:15 - 2015-04-14 05:14 - 02371776 _____ () D:\Steam\video.dll</p><p>2015-04-25 00:15 - 2014-12-02 05:59 - 01612800 _____ () D:\Steam\icui18n.dll</p><p>2015-04-25 00:15 - 2014-12-02 05:59 - 01210368 _____ () D:\Steam\icuuc.dll</p><p>2015-04-25 00:15 - 2014-12-02 03:01 - 02396672 _____ () D:\Steam\libavcodec-56.dll</p><p>2015-04-25 00:15 - 2014-12-02 03:01 - 00479744 _____ () D:\Steam\libavformat-56.dll</p><p>2015-04-25 00:15 - 2014-12-02 03:01 - 00332800 _____ () D:\Steam\libavresample-2.dll</p><p>2015-04-25 00:15 - 2014-12-02 03:01 - 00442880 _____ () D:\Steam\libavutil-54.dll</p><p>2015-04-25 00:15 - 2014-12-02 03:01 - 00485888 _____ () 
D:\Steam\libswscale-3.dll</p><p>2015-04-25 00:16 - 2015-04-14 05:14 - 00702656 _____ () D:\Steam\bin\chromehtml.DLL</p><p>2015-04-25 00:16 - 2015-02-25 07:28 - 34641288 _____ () D:\Steam\bin\libcef.dll</p><p>2015-04-25 00:16 - 2015-02-25 07:28 - 01709960 _____ () D:\Steam\bin\ffmpegsumo.dll</p><p>2015-04-30 21:30 - 2015-04-28 07:37 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll</p><p>2015-04-30 21:30 - 2015-04-28 07:37 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll</p><p>2015-04-30 21:30 - 2015-04-28 07:37 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll</p><p>/* Nothing much of interest below */</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" // I know little of this.</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"</p><p></p><p>==================== EXE Association (whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, the associated entry will be removed from the registry.)</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-3171145056-229118582-1774830325-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\Shade\Documents\lulz-security.jpg /* nothing; just an image... */</p><p>DNS Servers: 8.8.8.8 - 8.8.4.4</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"</p><p>HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"</p><p>HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"</p><p>HKLM\...\StartupApproved\Run: => "Malwarebytes Anti-Exploit"</p><p>HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\StartupApproved\StartupFolder: => "MagicDisc.lnk"</p><p></p><p>==================== FirewallRules (whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe // I know very little about Windows 8; what is this?</p><p>FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe // And this?</p><p>FirewallRules: [{D1D44427-8759-4514-99B7-EC4BA6A33F87}] => (Allow) D:\Steam\Steam.exe</p><p>FirewallRules: [{99EB83FA-56E7-44F8-AE13-28D44B4CB4EF}] => (Allow) D:\Steam\Steam.exe</p><p>FirewallRules: [{4F53B02D-FE77-4534-B09F-515EAC82D793}] => (Allow) D:\Steam\bin\steamwebhelper.exe</p><p>FirewallRules: [{BF03A5BA-D4DF-49F7-A622-00DF3C7B5943}] => (Allow) D:\Steam\bin\steamwebhelper.exe</p><p>FirewallRules: [{445D1F3C-9152-4F83-B9F0-E2E641AB70CE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p></p><p>// THIS is interesting. I can't really read this.</p><p>Error: (05/10/2015 11:18:13 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)</p><p></p><p>Error: (05/09/2015 09:41:34 PM) (Source: ESENT) (EventID: 489) (User: )</p><p>Description: taskhostex (2388) An attempt to open the file "C:\Users\Shade\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". 
The open file operation will fail with error -1032 (0xfffffbf8).</p><p></p><p>Error: (05/09/2015 09:41:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)</p><p></p><p>Error: (05/09/2015 08:35:21 PM) (Source: ESENT) (EventID: 489) (User: )</p><p>Description: taskhostex (5048) An attempt to open the file "C:\Users\Shade\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).</p><p></p><p>Error: (05/09/2015 08:34:56 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)</p><p></p><p>Error: (05/09/2015 00:49:09 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)</p><p></p><p>Error: (05/07/2015 00:57:29 PM) (Source: Winlogon) (EventID: 4005) (User: )</p><p>Description: The Windows logon process has unexpectedly terminated.</p><p></p><p>Error: (05/05/2015 00:26:33 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 390</p><p></p><p>Start Time: 01d0869bbcd5c2d2</p><p></p><p>Termination Time: 41</p><p></p><p>Application Path: C:\Windows\explorer.exe</p><p></p><p>Report Id: 112b35d0-f28f-11e4-b138-002421e6a1ab</p><p></p><p>Faulting package full name: </p><p></p><p>Faulting package-relative application ID:</p><p></p><p>Error: (05/02/2015 09:28:47 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)</p><p></p><p>Error: (05/01/2015 05:47:49 PM) (Source: Winlogon) (EventID: 4005) (User: )</p><p>Description: The Windows logon process has unexpectedly terminated.</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (05/10/2015 00:37:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )</p><p>Description: 5</p><p></p><p>Error: (05/10/2015 00:26:43 PM) (Source: DCOM) (EventID: 10010) (User: Linux)</p><p>Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}</p><p></p><p>Error: (05/10/2015 00:24:31 PM) (Source: EventLog) (EventID: 6008) (User: )</p><p>Description: The previous system shutdown at 11:41:53 AM on 5/10/2015 was unexpected.</p><p></p><p>Error: (05/10/2015 11:17:57 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )</p><p>Description: 5</p><p></p><p>Error: (05/09/2015 10:23:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )</p><p>Description: 5</p><p></p><p>Error: (05/09/2015 09:40:39 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )</p><p>Description: 5</p><p></p><p>Error: (05/09/2015 08:35:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )</p><p>Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.</p><p></p><p>Error: (05/09/2015 02:28:21 PM) (Source: 
Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )</p><p>Description: 5</p><p></p><p>Error: (05/09/2015 01:19:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (05/09/2015 01:19:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (05/10/2015 11:18:13 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: 0x8898008d</p><p></p><p>Error: (05/09/2015 09:41:34 PM) (Source: ESENT) (EventID: 489) (User: )</p><p>Description: taskhostex2388C:\Users\Shade\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.</p><p></p><p>Error: (05/09/2015 09:41:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: 0x8898008d</p><p></p><p>Error: (05/09/2015 08:35:21 PM) (Source: ESENT) (EventID: 489) (User: )</p><p>Description: taskhostex5048C:\Users\Shade\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.</p><p></p><p>Error: (05/09/2015 08:34:56 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: 0x8898008d</p><p></p><p>Error: (05/09/2015 00:49:09 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: 0x8898008d</p><p></p><p>Error: (05/07/2015 00:57:29 PM) (Source: Winlogon) (EventID: 4005) (User: )</p><p>Description: </p><p></p><p>Error: (05/05/2015 00:26:33 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: 
explorer.exe6.2.9200.1662839001d0869bbcd5c2d241C:\Windows\explorer.exe112b35d0-f28f-11e4-b138-002421e6a1ab</p><p></p><p>Error: (05/02/2015 09:28:47 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )</p><p>Description: 0x8898008d</p><p></p><p>Error: (05/01/2015 05:47:49 PM) (Source: Winlogon) (EventID: 4005) (User: )</p><p>Description: </p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2014-12-01 11:31:39.792</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p> Date: 2014-12-01 11:31:39.605</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p> Date: 2014-12-01 11:31:39.277</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p> Date: 2014-12-01 11:31:35.112</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p> Date: 2014-12-01 11:31:34.441</p><p> Description: Code Integrity determined that a 
process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p> Date: 2014-12-01 11:31:30.339</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p> Date: 2014-12-01 11:31:28.685</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p> Date: 2014-11-29 12:01:14.600</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p> Date: 2014-11-29 12:01:13.693</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p> Date: 2014-11-29 12:01:08.439</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft 
Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>// Not really relevant so removed.</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:97.66 GB) (Free:15.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]</p><p>==================== MBR & Partition Table ==================</p><p></p><p>[/SPOILER]</p><p>[SPOILER="FRST"]</p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015</p><p>Ran by Shade (administrator) on LINUX on 10-05-2015 16:54:37</p><p>Running from C:\Users\Shade\Downloads</p><p>Loaded Profiles: Shade (Available profiles: UpdatusUser & 102 & Shade & newadmin & Guest)</p><p>Platform: Microsoft Windows 8 Pro (X86) OS Language: English (United States)</p><p>Internet Explorer Version 10 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. 
The file will not be moved.)</p><p></p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe</p><p>(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe</p><p>(Foxit Corporation) D:\Almost ALl Softwares\Foxit Reader\Foxit Cloud\FCUpdateService.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe</p><p>(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe</p><p>(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe</p><p>(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe</p><p>(Microsoft Corporation) C:\Windows\System32\LogonUI.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe</p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe</p><p>(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe</p><p>(Valve Corporation) D:\Steam\Steam.exe</p><p>(Valve Corporation) D:\Steam\bin\steamwebhelper.exe</p><p>(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe</p><p>(Valve Corporation) D:\Steam\bin\steamwebhelper.exe</p><p>(Krzysztof Kowalczyk) C:\Program Files\SumatraPDF\SumatraPDF.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET)</p><p>HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)</p><p>HKLM\...\Winlogon: [Shell] C:\Windows\explorer.exe, c:\windows\system32\explorer.exe [x ] ()</p><p>HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2124360 2014-01-14] (PeerBlock, LLC)</p><p>HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Run: [Steam] => D:\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-02-22]</p><p>ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-02-22]</p><p>ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)</p><p>Startup: C:\Users\Shade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2014-06-20]</p><p>ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)</p><p>ShellIconOverlayIdentifiers: [00avast] -> 
{472083B0-C522-11CF-8763-00608CC02F24} => No File</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKU\S-1-5-21-3171145056-229118582-1774830325-1010\Software\Microsoft\Internet Explorer\Main,Start Page = http://jbh/</p><p>BHO: GetGo URLCatch -> {0315AA2C-10C7-4504-A1C4-F552ABA8A095} -> C:\Program Files\GetGo Software\GetGo Download Manager\URLCatch.dll [2014-09-22] (GetGo Software)</p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-19] (Oracle Corporation)</p><p>BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-02-22] (LastPass)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-19] (Oracle Corporation)</p><p>Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-02-22] (LastPass)</p><p>Toolbar: HKLM - GetGo Toolbar - {075BBE29-FEC0-404a-A459-FF58713616FA} - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll [2014-09-22] (GetGo Software)</p><p>Toolbar: HKU\S-1-5-21-3171145056-229118582-1774830325-1010 -> GetGo Toolbar - {075BBE29-FEC0-404A-A459-FF58713616FA} - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll [2014-09-22] (GetGo Software)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>Tcpip\..\Interfaces\{84F4B37D-668D-4506-ABB1-70FA9D5696E0}: [NameServer] 8.8.8.8,8.8.4.4</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default</p><p>FF Homepage: https://duckduckgo.com/</p><p>FF Plugin: 
@adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll [2014-06-18] ()</p><p>FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Almost ALl Softwares\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File</p><p>FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Almost ALl Softwares\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File</p><p>FF Plugin: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-19] (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-19] (Oracle Corporation)</p><p>FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-02-22] (LastPass)</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)</p><p>FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)</p><p>FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)</p><p>FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File</p><p>FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)</p><p>FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)</p><p>FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)</p><p>FF SearchPlugin: C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\searchplugins\duckduckgo.xml [2014-01-15]</p><p>FF Extension: Xmarks - 
C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\foxmarks@kei.com [2014-04-06]</p><p>FF Extension: LastPass - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\support@lastpass.com [2014-04-06]</p><p>FF Extension: WOT - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-06]</p><p>FF Extension: Adblock Plus Pop-up Addon - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-06]</p><p>FF Extension: ImageBlock - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\imageblock@hemantvats.com.xpi [2014-04-06]</p><p>FF Extension: DuckDuckGo Plus - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-06]</p><p>FF Extension: NoScript - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-06]</p><p>FF Extension: SEO Global For Google Search™ - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}.xpi [2014-04-06]</p><p>FF Extension: Adblock Plus - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-06]</p><p>FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files\Fiddler2\FiddlerHook</p><p>FF Extension: FiddlerHook - C:\Program Files\Fiddler2\FiddlerHook [2014-05-28]</p><p>FF HKLM\...\Firefox\Extensions: 
[{0DB87752-EDD2-4ddf-8AE4-A020088EF267}] - C:\Program Files\GetGo Software\GetGo Download Manager\GGMoz</p><p>FF Extension: GetGo Firefox Addon - C:\Program Files\GetGo Software\GetGo Download Manager\GGMoz [2014-10-22]</p><p>FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird</p><p>FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR Profile: C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (uBlock Origin) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-09]</p><p>CHR Extension: (Bookmark Manager) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09]</p><p>CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-09]</p><p>CHR Extension: (Google Dictionary (by Google)) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-05-09]</p><p>CHR Extension: (Google Wallet) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-09]</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)</p><p>R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET)</p><p>R2 FoxitCloudUpdateService; D:\Almost ALl Softwares\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)</p><p>R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)</p><p>R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)</p><p>R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)</p><p>R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [971968 2015-02-03] (@ByELDI) [File not signed]</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2015-01-31] (Microsoft Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)</p><p>R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)</p><p>R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [190368 2014-08-18] (ESET)</p><p>R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)</p><p>R2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [176448 2014-08-18] (ESET)</p><p>R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [37928 2014-08-18] (ESET)</p><p>R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [51288 2014-09-18] (ESET)</p><p>R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] ()</p><p>R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation)</p><p>R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-10] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)</p><p>R3 mcdbus; C:\WINDOWS\System32\drivers\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) 
[File not signed]</p><p>S3 MWAC; \??\C:\WINDOWS\system32\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)</p><p>S3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [26208 2013-12-29] (SoftEther Project at University of Tsukuba, Japan.)</p><p>S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] ()</p><p>R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2014-06-20] (Duplex Secure Ltd.)</p><p>R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)</p><p>S3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)</p><p>S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)</p><p>S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]</p><p>S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]</p><p>S3 etvspanx; No ImagePath</p><p>S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]</p><p>U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [52224 2012-07-26] (Microsoft Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-05-10 16:54 - 2015-05-10 16:54 - 00014926 _____ () C:\Users\Shade\Downloads\FRST.txt</p><p>2015-05-10 16:47 - 2015-05-10 16:48 - 00028885 _____ () C:\Users\Shade\Downloads\Addition.txt</p><p>2015-05-10 16:45 - 2015-05-10 16:45 - 01141248 _____ (Farbar) C:\Users\Shade\Downloads\FRST.exe</p><p>2015-05-09 12:48 - 2015-05-09 12:48 - 00245248 _____ ([Fix-KB]) C:\Users\Shade\Downloads\DriveTidy.exe</p><p>2015-05-09 12:46 - 2015-05-09 12:58 - 00000000 ____D () C:\ProgramData\RogueKiller</p><p>2015-05-09 12:46 - 2015-05-09 12:46 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys</p><p>2015-05-09 12:39 - 2015-05-09 12:44 - 16937048 _____ () C:\Users\Shade\Downloads\RogueKiller.exe</p><p>2015-05-09 12:39 - 2015-05-09 12:39 - 00243304 _____ () C:\Users\Shade\Downloads\Firefox Setup Stub 37.0.2.exe</p><p>2015-05-07 23:30 - 2015-05-07 23:30 - 00880272 _____ () C:\Users\Shade\Downloads\5183832.zip</p><p>2015-05-07 23:26 - 2015-05-07 23:28 - 08506106 _____ () C:\Users\Shade\Downloads\7467829 (1).zip</p><p>2015-05-07 23:22 - 2015-05-07 23:24 - 08506106 _____ () C:\Users\Shade\Downloads\7467829.zip</p><p>2015-05-07 23:13 - 2015-05-07 23:19 - 21204171 _____ () C:\Users\Shade\Downloads\9347966.zip</p><p>2015-05-07 22:49 - 2015-05-07 22:50 - 02998091 _____ () C:\Users\Shade\Downloads\8009311.zip</p><p>2015-05-05 00:49 - 2015-05-05 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit</p><p>2015-05-05 00:39 - 2015-05-05 00:41 - 03020968 _____ (Malwarebytes ) C:\Users\Shade\Downloads\mbae-setup-1.06.1.1019.exe</p><p>2015-05-04 20:21 - 2015-05-04 20:27 - 12618962 _____ () C:\Users\Shade\Downloads\6776237.rar</p><p>2015-05-04 20:21 - 2015-05-04 20:22 - 01464992 _____ () 
C:\Users\Shade\Downloads\4582693.zip</p><p>2015-05-04 20:18 - 2015-05-04 20:20 - 04992936 _____ () C:\Users\Shade\Downloads\3213950.zip</p><p>2015-05-04 20:15 - 2015-05-04 20:16 - 03360391 _____ () C:\Users\Shade\Downloads\7736572.zip</p><p>2015-05-04 20:15 - 2015-05-04 20:16 - 01505316 _____ () C:\Users\Shade\Downloads\9749772.rar</p><p>2015-05-04 20:15 - 2015-05-04 20:16 - 01243120 _____ () C:\Users\Shade\Downloads\8107830.rar</p><p>2015-05-04 20:13 - 2015-05-04 20:14 - 01901219 _____ () C:\Users\Shade\Downloads\6423029.rar</p><p>2015-05-04 20:10 - 2015-05-04 20:13 - 07542958 _____ () C:\Users\Shade\Downloads\997702.rar</p><p>2015-05-04 20:04 - 2015-05-04 20:09 - 10788824 _____ () C:\Users\Shade\Downloads\585658.zip</p><p>2015-05-04 19:54 - 2015-05-04 19:54 - 01118286 _____ () C:\Users\Shade\Downloads\8372739.rar</p><p>2015-05-04 19:46 - 2015-05-04 19:55 - 19729113 _____ () C:\Users\Shade\Downloads\4373875.zip</p><p>2015-05-04 19:23 - 2015-05-04 19:23 - 01026210 _____ () C:\Users\Shade\Downloads\1525597.zip</p><p>2015-05-04 19:15 - 2015-05-04 19:21 - 12943932 _____ () C:\Users\Shade\Downloads\8211324.zip</p><p>2015-05-04 18:33 - 2015-05-04 18:43 - 18376482 _____ () C:\Users\Shade\Downloads\4543353.zip</p><p>2015-05-04 01:52 - 2015-05-04 01:52 - 00000000 ____D () C:\Users\102\AppData\Local\CyberGhost</p><p>2015-05-03 23:16 - 2015-05-03 23:17 - 02090410 _____ () C:\Users\Shade\Downloads\5853680.zip</p><p>2015-05-02 14:02 - 2015-05-10 16:54 - 00000000 ____D () C:\FRST</p><p>2015-05-01 18:15 - 2015-05-01 18:24 - 10568854 _____ () C:\Users\Shade\Downloads\2523063.zip</p><p>2015-05-01 18:14 - 2015-05-01 18:14 - 00496811 _____ () C:\Users\Shade\Downloads\7681690.zip</p><p>2015-04-30 11:59 - 2015-04-30 11:59 - 00000199 _____ () C:\Users\Shade\Desktop\Dota 2.url</p><p>2015-04-29 23:06 - 2015-04-29 23:44 - 75108964 _____ () C:\Users\Shade\Downloads\TCP-IP 1-3.rar</p><p>2015-04-29 22:59 - 2015-04-29 23:05 - 10528829 _____ () C:\Users\Shade\Downloads\8545190 
(1).rar</p><p>2015-04-29 22:50 - 2015-04-29 22:52 - 02461595 _____ () C:\Users\Shade\Downloads\9475366.rar</p><p>2015-04-29 22:40 - 2015-04-29 22:42 - 02611205 _____ () C:\Users\Shade\Downloads\4955320.rar</p><p>2015-04-29 22:30 - 2015-04-29 22:31 - 01585959 _____ () C:\Users\Shade\Downloads\1168073.zip</p><p>2015-04-29 22:26 - 2015-04-29 22:27 - 02680872 _____ () C:\Users\Shade\Downloads\8975653.rar</p><p>2015-04-29 22:25 - 2015-04-29 22:29 - 06363607 _____ () C:\Users\Shade\Downloads\2216738.rar</p><p>2015-04-28 01:10 - 2015-04-28 01:10 - 10266810 _____ () C:\Users\102\Downloads\bloomberg.xap</p><p>2015-04-28 00:03 - 2015-04-28 00:08 - 11653280 _____ () C:\Users\Shade\Downloads\Game_Engine_Architecture.pdf.crdownload</p><p>2015-04-27 20:47 - 2015-04-27 20:49 - 02907680 _____ () C:\Users\Shade\Downloads\9851083.rar</p><p>2015-04-27 20:24 - 2015-04-27 20:26 - 02937097 _____ () C:\Users\Shade\Downloads\3641627.zip</p><p>2015-04-27 20:22 - 2015-04-27 20:23 - 01463325 _____ () C:\Users\Shade\Downloads\3791426 (1).rar</p><p>2015-04-27 19:43 - 2015-04-27 20:07 - 26639952 _____ () C:\Users\Shade\Downloads\2289477.zip</p><p>2015-04-27 19:16 - 2015-04-27 19:29 - 05531120 _____ () C:\Users\Shade\Downloads\5709734.zip</p><p>2015-04-27 18:46 - 2015-05-06 11:05 - 00000017 _____ () C:\Users\102\Desktop\download.htm</p><p>2015-04-27 16:27 - 2015-04-27 16:30 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (7).exe</p><p>2015-04-27 16:26 - 2015-04-27 16:29 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (6).exe</p><p>2015-04-27 16:12 - 2015-04-27 16:12 - 00243304 _____ () C:\Users\102\Downloads\Firefox Setup Stub 37.0.2.exe</p><p>2015-04-27 15:55 - 2015-04-27 15:55 - 00880208 _____ (Google Inc.) C:\Users\102\Downloads\ChromeSetup (2).exe</p><p>2015-04-27 15:54 - 2015-04-27 15:54 - 00880208 _____ (Google Inc.) C:\Users\102\Downloads\ChromeSetup (1).exe</p><p>2015-04-27 13:39 - 2015-04-27 13:40 - 00880208 _____ (Google Inc.) 
C:\Users\102\Downloads\ChromeSetup.exe</p><p>2015-04-26 23:36 - 2015-04-26 23:46 - 17442080 _____ () C:\Users\Shade\Downloads\6824531.zip</p><p>2015-04-26 23:33 - 2015-04-26 23:33 - 01463325 _____ () C:\Users\Shade\Downloads\3791426.rar</p><p>2015-04-26 23:05 - 2015-04-26 23:32 - 50916235 _____ () C:\Users\Shade\Downloads\Rootkit_Arsenal Complete.zip</p><p>2015-04-26 22:12 - 2015-04-26 22:13 - 03666369 _____ () C:\Users\Shade\Downloads\3665826.rar</p><p>2015-04-26 21:56 - 2015-04-26 22:09 - 24028100 _____ () C:\Users\Shade\Downloads\9172544.rar</p><p>2015-04-26 21:55 - 2015-04-26 21:56 - 01661927 _____ () C:\Users\Shade\Downloads\1164480.zip</p><p>2015-04-26 14:42 - 2015-04-26 14:45 - 02184160 _____ () C:\Users\Shade\Downloads\Unconfirmed 610891.crdownload</p><p>2015-04-26 14:42 - 2015-04-26 14:43 - 01168193 _____ () C:\Users\Shade\Downloads\6941919.zip</p><p>2015-04-26 14:35 - 2015-04-26 14:41 - 06621030 _____ () C:\Users\Shade\Downloads\4356861.rar</p><p>2015-04-26 12:40 - 2015-04-26 12:41 - 00508640 _____ () C:\Users\Shade\Downloads\Unconfirmed 256089.crdownload</p><p>2015-04-26 12:38 - 2015-04-26 12:41 - 08708997 _____ () C:\Users\Shade\Downloads\Unconfirmed 512035.crdownload</p><p>2015-04-26 12:32 - 2015-04-26 12:33 - 03250022 _____ () C:\Users\Shade\Downloads\6546265.zip</p><p>2015-04-26 12:26 - 2015-04-26 12:30 - 07263070 _____ () C:\Users\Shade\Downloads\8859378.zip</p><p>2015-04-26 12:26 - 2015-04-26 12:29 - 05405401 _____ () C:\Users\Shade\Downloads\3114960.rar</p><p>2015-04-26 12:11 - 2015-04-26 12:16 - 10170290 _____ () C:\Users\Shade\Downloads\2270940.rar</p><p>2015-04-26 12:11 - 2015-04-26 12:16 - 10103303 _____ () C:\Users\Shade\Downloads\4431890.zip</p><p>2015-04-26 12:08 - 2015-04-26 12:10 - 06643947 _____ () C:\Users\Shade\Downloads\2398862.zip</p><p>2015-04-26 12:06 - 2015-04-26 12:08 - 03478881 _____ () C:\Users\Shade\Downloads\6756800.zip</p><p>2015-04-26 12:05 - 2015-04-26 12:07 - 04545672 _____ () 
C:\Users\Shade\Downloads\7247648.zip</p><p>2015-04-26 00:47 - 2015-04-26 00:49 - 10109071 _____ () C:\Users\Shade\Downloads\2220215.zip</p><p>2015-04-26 00:42 - 2015-04-26 00:45 - 10528829 _____ () C:\Users\Shade\Downloads\8545190.rar</p><p>2015-04-26 00:17 - 2015-04-26 00:23 - 19498908 _____ () C:\Users\Shade\Downloads\3835377.rar</p><p>2015-04-26 00:04 - 2015-04-26 00:04 - 00287646 _____ () C:\Users\Shade\Downloads\5411382.rar</p><p>2015-04-25 23:16 - 2015-04-25 23:18 - 02218755 _____ () C:\Users\Shade\Downloads\1860766.rar</p><p>2015-04-25 01:05 - 2015-04-25 01:05 - 00000199 _____ () C:\Users\Shade\Desktop\Team Fortress 2.url</p><p>2015-04-25 00:12 - 2015-04-25 00:12 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2015-04-25 00:12 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys</p><p>2015-04-25 00:12 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys</p><p>2015-04-25 00:12 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys</p><p>2015-04-24 14:48 - 2015-04-24 14:51 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (5).exe</p><p>2015-04-23 14:02 - 2015-04-23 14:04 - 00000277 _____ () C:\Users\newadmin\Desktop\notifications.txt</p><p>2015-04-23 13:58 - 2015-04-23 13:58 - 00000000 ____H () C:\Users\newadmin\Documents\Default.rdp</p><p>2015-04-23 13:57 - 2015-04-23 13:57 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\ESET</p><p>2015-04-23 13:57 - 2015-04-23 13:57 - 00000000 ____D () C:\Users\newadmin\AppData\Local\ESET</p><p>2015-04-23 13:53 - 2015-04-23 13:53 - 00000000 ____D () C:\Users\newadmin\AppData\Local\Google</p><p>2015-04-23 13:52 - 2015-04-23 13:52 - 00001430 _____ () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2015-04-23 13:52 - 2015-04-23 13:52 - 00000000 ____D () 
C:\Users\newadmin\AppData\Roaming\Adobe</p><p>2015-04-23 13:52 - 2015-04-23 13:52 - 00000000 ____D () C:\Users\newadmin\AppData\Local\VirtualStore</p><p>2015-04-23 13:51 - 2015-04-23 13:53 - 00000000 ____D () C:\Users\newadmin</p><p>2015-04-23 13:51 - 2015-04-23 13:51 - 00000020 ___SH () C:\Users\newadmin\ntuser.ini</p><p>2015-04-23 13:51 - 2015-04-20 22:27 - 00000000 ___RD () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools</p><p>2015-04-23 13:51 - 2014-07-14 23:49 - 00000000 ___RD () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility</p><p>2015-04-23 13:51 - 2014-04-09 12:49 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\Macromedia</p><p>2015-04-23 13:51 - 2014-03-30 00:13 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\IObit</p><p>2015-04-23 13:51 - 2012-07-26 12:23 - 00000000 ___RD () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2015-04-23 13:51 - 2012-07-26 12:23 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2015-04-22 18:40 - 2015-04-28 01:11 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (4).exe</p><p>2015-04-22 18:22 - 2015-04-22 18:22 - 00000623 _____ () C:\Users\102\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fallou 3 New Vegas.lnk</p><p>2015-04-22 14:56 - 2015-04-22 14:56 - 00281584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2015-04-21 23:34 - 2015-04-21 23:34 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (3).exe</p><p>2015-04-21 14:17 - 2015-04-21 14:17 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (2).exe</p><p>2015-04-21 14:17 - 2015-04-21 14:17 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (1).exe</p><p>2015-04-21 14:14 - 2015-04-21 14:15 - 06958304 _____ (Microsoft Corporation) 
C:\Users\102\Downloads\Silverlight.exe</p><p>2015-04-20 22:32 - 2015-04-14 03:37 - 00791520 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe</p><p>2015-04-20 22:32 - 2015-04-14 03:37 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl</p><p>2015-04-20 22:27 - 2015-04-20 22:27 - 00000000 ____D () C:\WINDOWS\system32\appraiser</p><p>2015-04-16 10:15 - 2015-04-16 10:15 - 00000000 ____D () C:\Users\102\AppData\Local\Steam</p><p>2015-04-16 01:48 - 2015-01-09 10:33 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll</p><p>2015-04-16 01:48 - 2015-01-09 05:22 - 00478296 _____ () C:\WINDOWS\system32\locale.nls</p><p>2015-04-16 01:23 - 2015-03-10 09:19 - 14373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2015-04-16 01:23 - 2015-03-10 09:19 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll</p><p>2015-04-16 01:23 - 2015-03-10 09:19 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll</p><p>2015-04-16 01:23 - 2015-03-10 09:19 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll</p><p>2015-04-16 01:23 - 2015-03-10 09:19 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll</p><p>2015-04-16 01:23 - 2015-03-10 09:19 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll</p><p>2015-04-16 01:23 - 2015-03-10 09:19 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll</p><p>2015-04-16 01:23 - 2015-03-10 09:19 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll</p><p>2015-04-16 01:23 - 2015-03-10 09:18 - 13767680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2015-04-16 01:23 - 2015-02-21 11:01 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll</p><p>2015-04-16 01:23 - 2015-02-21 11:01 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll</p><p>2015-04-16 01:23 - 
2015-02-21 11:01 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe</p><p>2015-04-16 01:23 - 2015-02-21 11:00 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll</p><p>2015-04-16 01:23 - 2015-02-21 11:00 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll</p><p>2015-04-16 01:23 - 2015-02-21 11:00 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll</p><p>2015-04-16 01:23 - 2015-02-21 11:00 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll</p><p>2015-04-16 01:23 - 2015-02-21 11:00 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll</p><p>2015-04-16 01:23 - 2015-02-21 11:00 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll</p><p>2015-04-16 01:23 - 2015-02-21 11:00 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll</p><p>2015-04-16 01:23 - 2015-02-21 11:00 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll</p><p>2015-04-16 01:23 - 2015-02-21 10:59 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl</p><p>2015-04-16 01:23 - 2015-02-21 10:59 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll</p><p>2015-04-16 01:23 - 2015-02-21 10:59 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll</p><p>2015-04-16 01:23 - 2015-02-21 10:39 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb</p><p>2015-04-16 01:23 - 2015-02-21 10:37 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll</p><p>2015-04-16 01:23 - 2015-02-21 10:12 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec</p><p>2015-04-16 01:15 - 2015-03-17 10:19 - 05570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe</p><p>2015-04-16 01:15 - 2015-03-06 11:18 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll</p><p>2015-04-16 01:15 - 2015-02-03 04:48 - 00493256 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys</p><p>2015-04-16 01:15 - 2015-01-15 15:30 - 01026560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll</p><p>2015-04-16 01:15 - 2015-01-15 15:30 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll</p><p>2015-04-16 01:14 - 2015-03-17 10:15 - 01474000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll</p><p>2015-04-16 01:14 - 2015-01-15 14:39 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll</p><p>2015-04-16 01:12 - 2015-03-23 09:14 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll</p><p>2015-04-16 01:12 - 2015-03-23 09:14 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll</p><p>2015-04-16 01:12 - 2015-03-23 09:14 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll</p><p>2015-04-16 01:12 - 2015-03-23 09:13 - 00859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll</p><p>2015-04-16 01:12 - 2015-03-23 09:13 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll</p><p>2015-04-16 01:12 - 2015-03-23 09:13 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll</p><p>2015-04-16 01:12 - 2015-03-23 03:33 - 00896000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll</p><p>2015-04-16 01:12 - 2014-12-08 10:34 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll</p><p>2015-04-16 01:12 - 2014-12-03 07:17 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll</p><p>2015-04-16 01:09 - 2015-03-06 11:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll</p><p>2015-04-16 01:07 - 2015-01-31 15:27 - 00038392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys</p><p>2015-04-16 01:07 - 2015-01-31 08:45 - 00238304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys</p><p>2015-04-16 01:06 - 2015-03-04 10:54 - 00011105 _____ () 
C:\WINDOWS\system32\AutoconfigV2.cab</p><p>2015-04-16 01:06 - 2015-03-04 10:53 - 00449848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe</p><p>2015-04-16 01:06 - 2015-03-04 10:53 - 00413208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe</p><p>2015-04-16 01:06 - 2015-03-04 10:23 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll</p><p>2015-04-16 01:06 - 2015-03-04 10:23 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll</p><p>2015-04-16 01:05 - 2014-09-18 04:54 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll</p><p>2015-04-16 01:04 - 2015-01-29 11:49 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll</p><p>2015-04-16 01:03 - 2015-02-13 04:47 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml</p><p>2015-04-16 01:03 - 2015-01-24 10:30 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll</p><p>2015-04-16 01:02 - 2015-03-14 12:03 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll</p><p>2015-04-16 01:01 - 2015-02-20 13:40 - 00035328 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll</p><p>2015-04-16 01:01 - 2015-02-20 12:54 - 00304128 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll</p><p>2015-04-16 00:58 - 2015-02-24 12:41 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys</p><p>2015-04-16 00:58 - 2015-02-17 10:43 - 17561600 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll</p><p>2015-04-16 00:58 - 2015-01-24 10:30 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll</p><p>2015-04-16 00:58 - 2015-01-24 09:30 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll</p><p>2015-04-16 00:58 - 2014-12-18 12:32 - 00038720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys</p><p>2015-04-16 00:58 - 2014-12-18 11:50 - 00702464 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\nshwfp.dll</p><p>2015-04-16 00:58 - 2014-12-18 11:49 - 00683520 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL</p><p>2015-04-16 00:58 - 2014-12-18 11:49 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL</p><p>2015-04-16 00:58 - 2014-11-26 10:20 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll</p><p>2015-04-16 00:57 - 2015-02-26 09:27 - 03401728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys</p><p>2015-04-16 00:56 - 2015-03-04 10:52 - 00256832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys</p><p>2015-04-16 00:56 - 2015-03-04 10:22 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll</p><p>2015-04-16 00:56 - 2015-01-24 10:30 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll</p><p>2015-04-10 20:58 - 2015-04-10 20:58 - 00178923 _____ () C:\Users\Shade\Documents\231050</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-05-10 16:53 - 2014-06-18 21:41 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job</p><p>2015-05-10 16:48 - 2015-02-06 11:43 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-05-10 16:30 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\system32\sru</p><p>2015-05-10 16:03 - 2014-08-30 16:03 - 01301673 _____ () C:\WINDOWS\WindowsUpdate.log</p><p>2015-05-10 16:03 - 2014-06-13 23:17 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit</p><p>2015-05-10 15:43 - 2015-02-06 11:43 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-05-10 15:43 - 2014-06-01 08:52 - 00000508 _____ () C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job</p><p>2015-05-10 15:43 - 2014-03-29 23:10 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-05-10 12:24 - 2013-12-24 08:34 - 
00000000 ____D () C:\ProgramData\NVIDIA</p><p>2015-05-10 12:24 - 2012-07-26 11:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT</p><p>2015-05-09 21:41 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\Microsoft.NET</p><p>2015-05-09 13:15 - 2015-04-04 14:28 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2015-05-09 12:53 - 2015-04-04 14:07 - 00000000 ____D () C:\Users\Shade\AppData\Local\Deployment</p><p>2015-05-09 01:51 - 2012-07-26 12:13 - 00000000 ____D () C:\WINDOWS\CbsTemp</p><p>2015-05-09 01:50 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\system32\NDF</p><p>2015-05-08 23:52 - 2015-01-24 00:22 - 00000000 ____D () C:\Users\Shade\Desktop\Programming</p><p>2015-05-06 23:18 - 2015-03-27 00:52 - 00000000 ____D () C:\Program Files\HxD</p><p>2015-05-05 00:49 - 2014-01-05 22:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit</p><p>2015-05-02 14:02 - 2014-07-19 19:30 - 00000000 ____D () C:\Users\102\Documents\Fiddler2</p><p>2015-04-30 13:50 - 2014-06-27 09:33 - 00000000 ____D () C:\The Elder Scrolls III Morrowind GOTY</p><p>2015-04-30 11:59 - 2014-04-06 14:58 - 00000000 ____D () C:\Users\Shade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam</p><p>2015-04-28 09:02 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\AUInstallAgent</p><p>2015-04-28 01:09 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\AppCompat</p><p>2015-04-27 18:39 - 2014-07-31 17:20 - 00000000 ____D () C:\Oblivion Elder Scrolls</p><p>2015-04-27 18:39 - 2014-06-24 00:37 - 00000000 ____D () C:\Users\102\Documents\Nexus Mod Manager</p><p>2015-04-26 14:27 - 2013-12-24 00:46 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2015-04-26 14:25 - 2014-09-25 11:47 - 00009714 _____ () C:\WINDOWS\setupact.log</p><p>2015-04-25 14:53 - 2014-09-08 12:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware</p><p>2015-04-25 00:12 - 2014-09-08 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 
Anti-Malware</p><p>2015-04-25 00:04 - 2013-12-26 18:22 - 00000000 ____D () C:\Program Files\Steam</p><p>2015-04-22 16:45 - 2015-04-06 01:34 - 00001430 _____ () C:\Users\102\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2015-04-22 16:25 - 2015-04-04 14:02 - 00001430 _____ () C:\Users\Shade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2015-04-20 22:33 - 2014-04-06 14:40 - 00000000 ____D () C:\Users\Shade</p><p>2015-04-20 22:27 - 2014-07-14 23:49 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel</p><p>2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ___RD () C:\WINDOWS\ToastData</p><p>2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools</p><p>2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools</p><p>2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\WinStore</p><p>2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ____D () C:\Program Files\Windows Defender</p><p>2015-04-19 14:38 - 2014-12-27 14:44 - 00000000 ____D () C:\Users\Shade\Desktop\Shubham</p><p>2015-04-16 01:42 - 2014-07-19 19:26 - 00000000 ____D () C:\WINDOWS\system32\MRT</p><p>2015-04-14 17:46 - 2013-12-26 18:22 - 00000000 ____D () C:\Program Files\Common Files\Steam</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2014-01-27 14:04 - 2014-01-27 14:23 - 50053120 _____ () C:\Program Files\GUT73BA.tmp</p><p>2014-02-22 14:58 - 2014-02-22 14:58 - 11149312 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe</p><p>2015-03-23 18:14 - 2015-03-23 18:14 - 0003317 _____ () C:\Users\Shade\AppData\Local\recently-used.xbel</p><p>2014-04-23 17:54 - 2014-04-23 17:54 - 0007605 _____ () C:\Users\Shade\AppData\Local\Resmon.ResmonCfg</p><p>2014-04-11 15:05 - 2014-04-11 15:05 - 0000003 _____ () 
C:\Users\Shade\AppData\Local\updater.log</p><p>2014-04-11 15:05 - 2014-09-28 17:00 - 0000059 _____ () C:\Users\Shade\AppData\Local\UserProducts.xml</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\Shade\AppData\Local\Temp\dllnt_dump.dll</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\wininit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-05-09 21:43</p><p></p><p>==================== End Of Log ============================</p><p>[/SPOILER]</p></blockquote><p></p>
==================== Drives ================================ Drive c: () (Fixed) (Total:97.66 GB) (Free:15.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== [/SPOILER] [SPOILER="FRST"] Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015 Ran by Shade (administrator) on LINUX on 10-05-2015 16:54:37 Running from C:\Users\Shade\Downloads Loaded Profiles: Shade (Available profiles: UpdatusUser & 102 & Shade & newadmin & Guest) Platform: Microsoft Windows 8 Pro (X86) OS Language: English (United States) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe (Foxit Corporation) D:\Almost ALl Softwares\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Google Inc.) 
C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Valve Corporation) D:\Steam\Steam.exe (Valve Corporation) D:\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) D:\Steam\bin\steamwebhelper.exe (Krzysztof Kowalczyk) C:\Program Files\SumatraPDF\SumatraPDF.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET) HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation) HKLM\...\Winlogon: [Shell] C:\Windows\explorer.exe, c:\windows\system32\explorer.exe [x ] () HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2124360 2014-01-14] (PeerBlock, LLC) HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Run: [Steam] => D:\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-02-22] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-02-22] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\Shade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2014-06-20] ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3171145056-229118582-1774830325-1010\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://jbh/[/URL] BHO: GetGo URLCatch -> {0315AA2C-10C7-4504-A1C4-F552ABA8A095} -> C:\Program Files\GetGo Software\GetGo Download Manager\URLCatch.dll [2014-09-22] (GetGo Software) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-19] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-02-22] (LastPass) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-19] (Oracle Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-02-22] (LastPass) Toolbar: HKLM - GetGo Toolbar - {075BBE29-FEC0-404a-A459-FF58713616FA} - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll [2014-09-22] (GetGo Software) Toolbar: HKU\S-1-5-21-3171145056-229118582-1774830325-1010 -> GetGo Toolbar - {075BBE29-FEC0-404A-A459-FF58713616FA} - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll [2014-09-22] (GetGo Software) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{84F4B37D-668D-4506-ABB1-70FA9D5696E0}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default FF Homepage: [URL]https://duckduckgo.com/[/URL] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll [2014-06-18] () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Almost ALl Softwares\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Almost ALl Softwares\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin: 
@java.com/DTPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-19] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-02-22] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF SearchPlugin: C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\searchplugins\duckduckgo.xml [2014-01-15] FF Extension: Xmarks - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\[email]foxmarks@kei.com[/email] [2014-04-06] FF Extension: LastPass - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\[email]support@lastpass.com[/email] [2014-04-06] FF Extension: WOT - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-06] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\[email]adblockpopups@jessehakanen.net.xpi[/email] [2014-04-06] FF Extension: ImageBlock - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\[email]imageblock@hemantvats.com.xpi[/email] [2014-04-06] FF Extension: DuckDuckGo Plus - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\[email]jid1-ZAdIEUB7XOzOJw@jetpack.xpi[/email] [2014-04-06] FF Extension: NoScript - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-06] FF Extension: SEO Global For Google Search™ - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}.xpi [2014-04-06] FF Extension: Adblock Plus - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-06] FF HKLM\...\Firefox\Extensions: [[email]fiddlerhook@fiddler2.com[/email]] - C:\Program Files\Fiddler2\FiddlerHook FF Extension: FiddlerHook - C:\Program Files\Fiddler2\FiddlerHook [2014-05-28] FF HKLM\...\Firefox\Extensions: 
[{0DB87752-EDD2-4ddf-8AE4-A020088EF267}] - C:\Program Files\GetGo Software\GetGo Download Manager\GGMoz FF Extension: GetGo Firefox Addon - C:\Program Files\GetGo Software\GetGo Download Manager\GGMoz [2014-10-22] FF HKLM\...\Thunderbird\Extensions: [[email]eplgTb@eset.com[/email]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR Profile: C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (uBlock Origin) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-09] CHR Extension: (Bookmark Manager) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-09] CHR Extension: (Google Dictionary (by Google)) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-05-09] CHR Extension: (Google Wallet) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-09] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET) R2 FoxitCloudUpdateService; D:\Almost ALl Softwares\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [971968 2015-02-03] (@ByELDI) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2015-01-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET) R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [190368 2014-08-18] (ESET) R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET) R2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [176448 2014-08-18] (ESET) R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [37928 2014-08-18] (ESET) R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [51288 2014-09-18] (ESET) R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] () R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R3 mcdbus; C:\WINDOWS\System32\drivers\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed] S3 MWAC; \??\C:\WINDOWS\system32\drivers\ [0 ] () <==== ATTENTION (zero size file/folder) S3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [26208 2013-12-29] (SoftEther Project at University of Tsukuba, Japan.) S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] () R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2014-06-20] (Duplex Secure Ltd.) 
R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) S3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X] S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X] S3 etvspanx; No ImagePath S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [52224 2012-07-26] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-10 16:54 - 2015-05-10 16:54 - 00014926 _____ () C:\Users\Shade\Downloads\FRST.txt 2015-05-10 16:47 - 2015-05-10 16:48 - 00028885 _____ () C:\Users\Shade\Downloads\Addition.txt 2015-05-10 16:45 - 2015-05-10 16:45 - 01141248 _____ (Farbar) C:\Users\Shade\Downloads\FRST.exe 2015-05-09 12:48 - 2015-05-09 12:48 - 00245248 _____ ([Fix-KB]) C:\Users\Shade\Downloads\DriveTidy.exe 2015-05-09 12:46 - 2015-05-09 12:58 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-05-09 12:46 - 2015-05-09 12:46 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2015-05-09 12:39 - 2015-05-09 12:44 - 16937048 _____ () C:\Users\Shade\Downloads\RogueKiller.exe 2015-05-09 12:39 - 2015-05-09 12:39 - 00243304 _____ () C:\Users\Shade\Downloads\Firefox Setup Stub 37.0.2.exe 2015-05-07 23:30 - 2015-05-07 23:30 - 00880272 _____ () C:\Users\Shade\Downloads\5183832.zip 2015-05-07 23:26 - 2015-05-07 23:28 - 08506106 _____ () C:\Users\Shade\Downloads\7467829 (1).zip 2015-05-07 23:22 - 2015-05-07 23:24 - 08506106 _____ () C:\Users\Shade\Downloads\7467829.zip 
2015-05-07 23:13 - 2015-05-07 23:19 - 21204171 _____ () C:\Users\Shade\Downloads\9347966.zip 2015-05-07 22:49 - 2015-05-07 22:50 - 02998091 _____ () C:\Users\Shade\Downloads\8009311.zip 2015-05-05 00:49 - 2015-05-05 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-05-05 00:39 - 2015-05-05 00:41 - 03020968 _____ (Malwarebytes ) C:\Users\Shade\Downloads\mbae-setup-1.06.1.1019.exe 2015-05-04 20:21 - 2015-05-04 20:27 - 12618962 _____ () C:\Users\Shade\Downloads\6776237.rar 2015-05-04 20:21 - 2015-05-04 20:22 - 01464992 _____ () C:\Users\Shade\Downloads\4582693.zip 2015-05-04 20:18 - 2015-05-04 20:20 - 04992936 _____ () C:\Users\Shade\Downloads\3213950.zip 2015-05-04 20:15 - 2015-05-04 20:16 - 03360391 _____ () C:\Users\Shade\Downloads\7736572.zip 2015-05-04 20:15 - 2015-05-04 20:16 - 01505316 _____ () C:\Users\Shade\Downloads\9749772.rar 2015-05-04 20:15 - 2015-05-04 20:16 - 01243120 _____ () C:\Users\Shade\Downloads\8107830.rar 2015-05-04 20:13 - 2015-05-04 20:14 - 01901219 _____ () C:\Users\Shade\Downloads\6423029.rar 2015-05-04 20:10 - 2015-05-04 20:13 - 07542958 _____ () C:\Users\Shade\Downloads\997702.rar 2015-05-04 20:04 - 2015-05-04 20:09 - 10788824 _____ () C:\Users\Shade\Downloads\585658.zip 2015-05-04 19:54 - 2015-05-04 19:54 - 01118286 _____ () C:\Users\Shade\Downloads\8372739.rar 2015-05-04 19:46 - 2015-05-04 19:55 - 19729113 _____ () C:\Users\Shade\Downloads\4373875.zip 2015-05-04 19:23 - 2015-05-04 19:23 - 01026210 _____ () C:\Users\Shade\Downloads\1525597.zip 2015-05-04 19:15 - 2015-05-04 19:21 - 12943932 _____ () C:\Users\Shade\Downloads\8211324.zip 2015-05-04 18:33 - 2015-05-04 18:43 - 18376482 _____ () C:\Users\Shade\Downloads\4543353.zip 2015-05-04 01:52 - 2015-05-04 01:52 - 00000000 ____D () C:\Users\102\AppData\Local\CyberGhost 2015-05-03 23:16 - 2015-05-03 23:17 - 02090410 _____ () C:\Users\Shade\Downloads\5853680.zip 2015-05-02 14:02 - 2015-05-10 16:54 - 00000000 ____D () C:\FRST 
2015-05-01 18:15 - 2015-05-01 18:24 - 10568854 _____ () C:\Users\Shade\Downloads\2523063.zip 2015-05-01 18:14 - 2015-05-01 18:14 - 00496811 _____ () C:\Users\Shade\Downloads\7681690.zip 2015-04-30 11:59 - 2015-04-30 11:59 - 00000199 _____ () C:\Users\Shade\Desktop\Dota 2.url 2015-04-29 23:06 - 2015-04-29 23:44 - 75108964 _____ () C:\Users\Shade\Downloads\TCP-IP 1-3.rar 2015-04-29 22:59 - 2015-04-29 23:05 - 10528829 _____ () C:\Users\Shade\Downloads\8545190 (1).rar 2015-04-29 22:50 - 2015-04-29 22:52 - 02461595 _____ () C:\Users\Shade\Downloads\9475366.rar 2015-04-29 22:40 - 2015-04-29 22:42 - 02611205 _____ () C:\Users\Shade\Downloads\4955320.rar 2015-04-29 22:30 - 2015-04-29 22:31 - 01585959 _____ () C:\Users\Shade\Downloads\1168073.zip 2015-04-29 22:26 - 2015-04-29 22:27 - 02680872 _____ () C:\Users\Shade\Downloads\8975653.rar 2015-04-29 22:25 - 2015-04-29 22:29 - 06363607 _____ () C:\Users\Shade\Downloads\2216738.rar 2015-04-28 01:10 - 2015-04-28 01:10 - 10266810 _____ () C:\Users\102\Downloads\bloomberg.xap 2015-04-28 00:03 - 2015-04-28 00:08 - 11653280 _____ () C:\Users\Shade\Downloads\Game_Engine_Architecture.pdf.crdownload 2015-04-27 20:47 - 2015-04-27 20:49 - 02907680 _____ () C:\Users\Shade\Downloads\9851083.rar 2015-04-27 20:24 - 2015-04-27 20:26 - 02937097 _____ () C:\Users\Shade\Downloads\3641627.zip 2015-04-27 20:22 - 2015-04-27 20:23 - 01463325 _____ () C:\Users\Shade\Downloads\3791426 (1).rar 2015-04-27 19:43 - 2015-04-27 20:07 - 26639952 _____ () C:\Users\Shade\Downloads\2289477.zip 2015-04-27 19:16 - 2015-04-27 19:29 - 05531120 _____ () C:\Users\Shade\Downloads\5709734.zip 2015-04-27 18:46 - 2015-05-06 11:05 - 00000017 _____ () C:\Users\102\Desktop\download.htm 2015-04-27 16:27 - 2015-04-27 16:30 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (7).exe 2015-04-27 16:26 - 2015-04-27 16:29 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (6).exe 2015-04-27 16:12 - 2015-04-27 16:12 - 00243304 _____ 
() C:\Users\102\Downloads\Firefox Setup Stub 37.0.2.exe 2015-04-27 15:55 - 2015-04-27 15:55 - 00880208 _____ (Google Inc.) C:\Users\102\Downloads\ChromeSetup (2).exe 2015-04-27 15:54 - 2015-04-27 15:54 - 00880208 _____ (Google Inc.) C:\Users\102\Downloads\ChromeSetup (1).exe 2015-04-27 13:39 - 2015-04-27 13:40 - 00880208 _____ (Google Inc.) C:\Users\102\Downloads\ChromeSetup.exe 2015-04-26 23:36 - 2015-04-26 23:46 - 17442080 _____ () C:\Users\Shade\Downloads\6824531.zip 2015-04-26 23:33 - 2015-04-26 23:33 - 01463325 _____ () C:\Users\Shade\Downloads\3791426.rar 2015-04-26 23:05 - 2015-04-26 23:32 - 50916235 _____ () C:\Users\Shade\Downloads\Rootkit_Arsenal Complete.zip 2015-04-26 22:12 - 2015-04-26 22:13 - 03666369 _____ () C:\Users\Shade\Downloads\3665826.rar 2015-04-26 21:56 - 2015-04-26 22:09 - 24028100 _____ () C:\Users\Shade\Downloads\9172544.rar 2015-04-26 21:55 - 2015-04-26 21:56 - 01661927 _____ () C:\Users\Shade\Downloads\1164480.zip 2015-04-26 14:42 - 2015-04-26 14:45 - 02184160 _____ () C:\Users\Shade\Downloads\Unconfirmed 610891.crdownload 2015-04-26 14:42 - 2015-04-26 14:43 - 01168193 _____ () C:\Users\Shade\Downloads\6941919.zip 2015-04-26 14:35 - 2015-04-26 14:41 - 06621030 _____ () C:\Users\Shade\Downloads\4356861.rar 2015-04-26 12:40 - 2015-04-26 12:41 - 00508640 _____ () C:\Users\Shade\Downloads\Unconfirmed 256089.crdownload 2015-04-26 12:38 - 2015-04-26 12:41 - 08708997 _____ () C:\Users\Shade\Downloads\Unconfirmed 512035.crdownload 2015-04-26 12:32 - 2015-04-26 12:33 - 03250022 _____ () C:\Users\Shade\Downloads\6546265.zip 2015-04-26 12:26 - 2015-04-26 12:30 - 07263070 _____ () C:\Users\Shade\Downloads\8859378.zip 2015-04-26 12:26 - 2015-04-26 12:29 - 05405401 _____ () C:\Users\Shade\Downloads\3114960.rar 2015-04-26 12:11 - 2015-04-26 12:16 - 10170290 _____ () C:\Users\Shade\Downloads\2270940.rar 2015-04-26 12:11 - 2015-04-26 12:16 - 10103303 _____ () C:\Users\Shade\Downloads\4431890.zip 2015-04-26 12:08 - 2015-04-26 12:10 - 06643947 _____ () 
C:\Users\Shade\Downloads\2398862.zip 2015-04-26 12:06 - 2015-04-26 12:08 - 03478881 _____ () C:\Users\Shade\Downloads\6756800.zip 2015-04-26 12:05 - 2015-04-26 12:07 - 04545672 _____ () C:\Users\Shade\Downloads\7247648.zip 2015-04-26 00:47 - 2015-04-26 00:49 - 10109071 _____ () C:\Users\Shade\Downloads\2220215.zip 2015-04-26 00:42 - 2015-04-26 00:45 - 10528829 _____ () C:\Users\Shade\Downloads\8545190.rar 2015-04-26 00:17 - 2015-04-26 00:23 - 19498908 _____ () C:\Users\Shade\Downloads\3835377.rar 2015-04-26 00:04 - 2015-04-26 00:04 - 00287646 _____ () C:\Users\Shade\Downloads\5411382.rar 2015-04-25 23:16 - 2015-04-25 23:18 - 02218755 _____ () C:\Users\Shade\Downloads\1860766.rar 2015-04-25 01:05 - 2015-04-25 01:05 - 00000199 _____ () C:\Users\Shade\Desktop\Team Fortress 2.url 2015-04-25 00:12 - 2015-04-25 00:12 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-25 00:12 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-04-25 00:12 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-04-25 00:12 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-04-24 14:48 - 2015-04-24 14:51 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (5).exe 2015-04-23 14:02 - 2015-04-23 14:04 - 00000277 _____ () C:\Users\newadmin\Desktop\notifications.txt 2015-04-23 13:58 - 2015-04-23 13:58 - 00000000 ____H () C:\Users\newadmin\Documents\Default.rdp 2015-04-23 13:57 - 2015-04-23 13:57 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\ESET 2015-04-23 13:57 - 2015-04-23 13:57 - 00000000 ____D () C:\Users\newadmin\AppData\Local\ESET 2015-04-23 13:53 - 2015-04-23 13:53 - 00000000 ____D () C:\Users\newadmin\AppData\Local\Google 2015-04-23 13:52 - 2015-04-23 13:52 - 00001430 _____ () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet 
Explorer.lnk 2015-04-23 13:52 - 2015-04-23 13:52 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\Adobe 2015-04-23 13:52 - 2015-04-23 13:52 - 00000000 ____D () C:\Users\newadmin\AppData\Local\VirtualStore 2015-04-23 13:51 - 2015-04-23 13:53 - 00000000 ____D () C:\Users\newadmin 2015-04-23 13:51 - 2015-04-23 13:51 - 00000020 ___SH () C:\Users\newadmin\ntuser.ini 2015-04-23 13:51 - 2015-04-20 22:27 - 00000000 ___RD () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-04-23 13:51 - 2014-07-14 23:49 - 00000000 ___RD () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-04-23 13:51 - 2014-04-09 12:49 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\Macromedia 2015-04-23 13:51 - 2014-03-30 00:13 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\IObit 2015-04-23 13:51 - 2012-07-26 12:23 - 00000000 ___RD () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-23 13:51 - 2012-07-26 12:23 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-04-22 18:40 - 2015-04-28 01:11 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (4).exe 2015-04-22 18:22 - 2015-04-22 18:22 - 00000623 _____ () C:\Users\102\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fallou 3 New Vegas.lnk 2015-04-22 14:56 - 2015-04-22 14:56 - 00281584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-21 23:34 - 2015-04-21 23:34 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (3).exe 2015-04-21 14:17 - 2015-04-21 14:17 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (2).exe 2015-04-21 14:17 - 2015-04-21 14:17 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (1).exe 2015-04-21 14:14 - 2015-04-21 14:15 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight.exe 2015-04-20 22:32 - 2015-04-14 03:37 - 
00791520 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-04-20 22:32 - 2015-04-14 03:37 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-04-20 22:27 - 2015-04-20 22:27 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-04-16 10:15 - 2015-04-16 10:15 - 00000000 ____D () C:\Users\102\AppData\Local\Steam 2015-04-16 01:48 - 2015-01-09 10:33 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-04-16 01:48 - 2015-01-09 05:22 - 00478296 _____ () C:\WINDOWS\system32\locale.nls 2015-04-16 01:23 - 2015-03-10 09:19 - 14373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-04-16 01:23 - 2015-03-10 09:19 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-04-16 01:23 - 2015-03-10 09:19 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-04-16 01:23 - 2015-03-10 09:19 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-04-16 01:23 - 2015-03-10 09:19 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-04-16 01:23 - 2015-03-10 09:19 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-04-16 01:23 - 2015-03-10 09:19 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-04-16 01:23 - 2015-03-10 09:19 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-04-16 01:23 - 2015-03-10 09:18 - 13767680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-04-16 01:23 - 2015-02-21 11:01 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2015-04-16 01:23 - 2015-02-21 11:01 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2015-04-16 01:23 - 2015-02-21 11:01 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-04-16 01:23 - 2015-02-21 11:00 - 02055680 _____ (Microsoft Corporation) 
[/SPOILER] [/QUOTE]