safety checkup


  • This topic is locked
29 replies to this topic

#1 art248


Posted 16 February 2014 - 03:49 AM

Hi guys, it's me again. Sorry for bugging you guys so much with my queries, but you all have been so helpful and this is like one of the best places to check.

Well, I'd just like a checkup on my laptop as I'm gonna be going back to university in about a month or so and I'd like a nicely clean system to go back with.

Basically I'm running Windows 7 Home Premium x64 SP1.

Nothing unusual so far; since my last infection I have taken a lot of advice in keeping my system clean. In fact my antivirus no longer screams every week or so about an infection; it's been about a month that I have had no reported infections either by Avira, during regular scans by MBAM, SUPERAntiSpyware or even ESET and HitmanPro. I do run AdwCleaner and JRT once in a while for maintenance purposes. Normally what they remove seems to be preferences files from Chrome or Firefox, although there was once that AdwCleaner said a file was found in Firefox on the Bitdefender TrafficLight addon and removed it. No idea what that was about. But the system hasn't been funny, although I did experience a slight panic moment when suddenly Avira reported all services were off, but I could get it back up, and scans with MBAM etc. did not find anything. I suspect it was after an update, after researching online with others who had the same experience (probably a one-off bug), but it did not happen again in quite a few weeks now, and I really did not encounter anything strange, but I would appreciate a checkup just to make sure. Thx.

Just that I ran RK a while ago and found these entries, which kinda worried me a bit:

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


But digging around the net seems to indicate a change in the desktop etc. I mean, I did modify my desktop and logon screen with the TuneUp Utilities. Well, it's like everyone who runs RK will have these entries, and the disable ones are set to 0. If you guys don't mind checking my system for me, though I do have reason to believe that my system is most likely clean, I'd be grateful. Thx. Also I'd like someone to explain the RK logs to me and what they mean.

*edit
I did run delete on those entries and the latest RK log looks like this. Note that I did edit the logon screen again, as deleting those entries made my custom logon screen turn back into the normal Win7 logon screen. I think those registry entries are the results of my changes. Can someone confirm? Thanks

RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : art248 [Admin rights]
Mode : Scan -- Date : 02/16/2014 21:10:47
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD32 00BEVT-80A0RT0 SATA Disk Device +++++
--- User ---
[MBR] 6623b4aeedbf94b2ed0c4e74dc70fa2a
[BSP] e17c0e8fcc6d3e4af5e3880d500e0a90 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 164620 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 337348608 | Size: 140522 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02162014_211047.txt >>

Edited by art248, 17 February 2014 - 05:16 AM.


#2 art248


Posted 16 February 2014 - 03:50 AM

Here are the required logs:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.16.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
art248 :: ART248-MPC [administrator]
 
16/2/2014 4:17:45 PM
mbam-log-2014-02-16 (16-17-45).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248759
Time elapsed: 7 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 


#3 art248


Posted 16 February 2014 - 03:50 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518
Run by art248 at 16:54:51 on 2014-02-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.60.1033.18.12286.10134 [GMT 8:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AE89B32A-E89A-479B-BBBB-EAA87BE0868C} : NameServer = 208.67.222.222,208.67.222.220
TCP: Interfaces\{AE89B32A-E89A-479B-BBBB-EAA87BE0868C} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 lbmuvpwgcmquc.org
Hosts: 0.0.0.0 jknuotworuebip.org
Hosts: 0.0.0.0 syusdoctfpnee.org
Hosts: 0.0.0.0 msncwipuqpxxoqa.org
Hosts: 0.0.0.0 yebdbfsomgdbqu.biz
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2014-1-18 141376]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-1-18 28600]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2014-2-16 62168]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2014-1-18 379520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-7 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2014-1-18 1012280]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2014-1-18 908856]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-1-18 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-1-18 440376]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-1-18 1011768]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-1-18 108440]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-1-18 84720]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-7-26 230416]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-6-1 1403200]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2014-1-18 114608]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2014-1-18 135560]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2014-1-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2014-1-18 115312]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-1-18 202600]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-1-18 38456]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2014-1-18 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2014-1-18 35104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-18 1255736]
.
=============== Created Last 30 ================
.
2014-02-15 16:01:25 -------- d-----w- C:\Program Files\Malwarebytes Anti-Exploit
2014-02-15 15:55:02 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-02-15 15:55:02 22776944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2014-02-15 15:55:01 276592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2014-02-15 15:55:01 170960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2014-02-12 08:42:03 -------- d-----w- C:\Users\art248\AppData\Local\ElevatedDiagnostics
2014-02-12 08:28:03 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-12 08:28:03 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-12 08:04:48 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-02-12 07:54:14 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-02-12 07:53:34 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 07:53:34 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-12 07:53:34 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 07:53:34 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 07:53:28 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-02-12 07:53:28 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-02-11 20:04:41 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-11 20:04:40 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-11 20:02:36 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-11 20:02:36 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-11 20:02:36 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-11 20:02:36 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-08 19:14:09 -------- d-----w- C:\ProgramData\Reflexive
2014-02-06 18:07:20 -------- d-----w- C:\Program Files\Adblock Plus for IE
2014-02-06 11:09:22 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll
2014-02-06 11:09:21 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll
2014-02-06 11:09:21 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll
2014-02-06 11:09:21 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll
2014-02-04 19:51:21 107008 ----a-w- C:\Program Files (x86)\Windows Media Player\wmp.dll
2014-02-04 19:51:21 -------- d-----w- C:\Program Files (x86)\WMP Tag Plus
2014-02-04 19:50:46 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2014-02-04 16:35:52 -------- d-----w- C:\Users\art248\AppData\Roaming\MPC-HC
2014-02-04 15:54:18 -------- d-----w- C:\Windows\ERUNT
2014-02-04 15:03:22 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-04 15:01:56 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-04 06:05:26 -------- d-----w- C:\Microsoft
2014-01-31 08:53:14 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-30 17:56:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 17:56:33 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-30 17:52:38 -------- d-----w- C:\Users\art248\AppData\Local\Adobe
2014-01-30 09:40:36 -------- d-----w- C:\Users\art248\AppData\Local\AMD
2014-01-30 09:38:47 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-01-30 09:38:43 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-01-30 09:37:37 -------- d-----w- C:\ProgramData\AMD
2014-01-30 09:37:33 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-01-30 09:35:42 -------- d-----w- C:\Program Files\AMD
2014-01-30 09:34:55 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-01-30 09:32:23 -------- d-----w- C:\Program Files\ATI Technologies
2014-01-30 08:57:47 -------- d-----w- C:\AMD
2014-01-28 17:13:59 5554512 ----a-w- C:\Windows\System32\d3dcsx_42.dll
2014-01-28 17:12:59 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2014-01-28 16:58:36 -------- d--h--w- C:\Windows\msdownld.tmp
2014-01-28 16:58:35 -------- d-----w- C:\Windows\SysWow64\directx
2014-01-26 17:17:24 -------- d-----w- C:\Program Files (x86)\ReClock
2014-01-26 16:46:03 -------- d-----w- C:\Program Files (x86)\KCP
2014-01-26 16:37:29 -------- d-----w- C:\ProgramData\Package Cache
2014-01-25 19:09:28 -------- d-----w- C:\Users\art248\AppData\Local\Origin
2014-01-25 18:59:32 -------- d-----w- C:\ProgramData\Electronic Arts
2014-01-25 18:59:30 -------- d-----w- C:\Program Files (x86)\Origin
2014-01-25 17:26:43 -------- d-----w- C:\Users\art248\AppData\Roaming\Origin
2014-01-25 17:16:36 -------- d-----w- C:\ProgramData\Origin
2014-01-25 17:06:47 -------- d-----w- C:\Users\art248\AppData\Local\Skyrim
2014-01-25 14:47:56 -------- d-----r- C:\Program Files (x86)\Skype
2014-01-24 09:47:53 -------- d-----w- C:\Program Files\HitmanPro
2014-01-24 09:47:25 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-23 20:14:50 -------- d-----r- C:\Sandbox
2014-01-21 16:07:45 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-20 16:43:11 -------- d-----w- C:\Program Files (x86)\Tag Support Plugin for Media Player
2014-01-20 16:29:25 -------- d-----w- C:\Program Files\CCleaner
2014-01-20 15:52:10 -------- d-----w- C:\Users\art248\AppData\Roaming\SUPERAntiSpyware.com
2014-01-20 15:51:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-01-20 15:51:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-01-18 20:13:36 -------- d-----w- C:\Program Files (x86)\LibreOffice 4
2014-01-18 18:44:44 -------- d-----w- C:\Program Files (x86)\CDisplay
2014-01-18 18:33:47 -------- d-----w- C:\ProgramData\FileOpen
2014-01-18 18:33:18 29712 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2014-01-18 18:33:18 17936 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2014-01-18 18:33:07 -------- d-----w- C:\Program Files\Common Files\Nitro
2014-01-18 18:33:06 -------- d-----w- C:\ProgramData\Nitro
2014-01-18 18:33:06 -------- d-----w- C:\Program Files (x86)\Nitro
2014-01-18 18:33:06 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro
2014-01-18 18:20:57 -------- d-----w- C:\Users\art248\AppData\Local\ECRSC
2014-01-18 18:20:55 -------- d-----w- C:\Users\art248\AppData\Roaming\ESTsoft
2014-01-18 18:20:55 -------- d-----w- C:\ProgramData\ESTsoft
2014-01-18 18:20:55 -------- d-----w- C:\Program Files (x86)\ESTsoft
2014-01-18 18:16:48 -------- d-----w- C:\Users\art248\AppData\Roaming\IrfanView
2014-01-18 17:20:16 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-01-18 17:20:15 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-01-18 17:20:01 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-01-18 17:20:01 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-01-18 17:08:47 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2014-01-18 17:08:44 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2014-01-18 17:08:44 30016 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2014-01-18 17:08:44 25920 ----a-w- C:\Windows\System32\authuitu.dll
2014-01-18 17:08:44 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2014-01-18 17:08:31 -------- d-----w- C:\Users\art248\AppData\Roaming\TuneUp Software
2014-01-18 17:06:25 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2010
2014-01-18 17:04:07 -------- d-----w- C:\ProgramData\TuneUp Software
2014-01-18 17:02:50 -------- d-----w- C:\Users\art248\AppData\Roaming\qualys
2014-01-18 16:51:26 -------- d-----w- C:\Users\art248\AppData\Local\ASUS
2014-01-18 15:58:47 -------- d-----w- C:\Program Files (x86)\Common Files\ControlDeck
2014-01-18 14:49:48 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2014-01-18 10:21:14 -------- d-----w- C:\Program Files\Sandboxie
2014-01-18 09:55:08 -------- d-----w- C:\Users\art248\AppData\Local\Mozilla
2014-01-18 09:46:44 -------- d-----w- C:\Program Files (x86)\Foolish IT
2014-01-18 09:44:50 -------- d-----w- C:\ProgramData\Licenses
2014-01-18 09:44:47 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-01-18 09:44:47 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-01-18 09:44:46 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2014-01-18 09:27:05 -------- d-----w- C:\Users\art248\AppData\Local\Google
2014-01-18 09:15:07 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-01-18 09:15:07 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-01-18 09:09:08 -------- d-----w- C:\Users\art248\AppData\Roaming\Malwarebytes
2014-01-18 09:04:22 -------- d-----w- C:\Program Files (x86)\IrfanView
2014-01-18 09:01:56 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-18 09:01:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-18 09:01:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 09:01:08 -------- d-----w- C:\Users\art248\AppData\Local\Programs
2014-01-18 08:57:25 -------- d-----w- C:\Windows\Panther
2014-01-18 08:50:17 -------- d-----w- C:\Windows\pss
2014-01-18 05:04:52 -------- d-----w- C:\Users\art248\AppData\Local\Broadcom
2014-01-18 05:04:51 -------- d-----w- C:\Users\art248\AppData\Local\ATI
2014-01-18 05:00:11 0 ----a-w- C:\Windows\ativpsrm.bin
2014-01-18 04:57:24 -------- d-----w- C:\ProgramData\ASUS
2014-01-18 04:54:15 53248 ----a-w- C:\Windows\SysWow64\LogonStart.dll
2014-01-18 04:53:14 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-01-18 04:53:14 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-01-18 04:53:14 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-01-18 04:53:13 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-01-18 04:53:12 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-01-18 04:53:04 183296 ----a-w- C:\Windows\SysWow64\ACEngSvr.exe
2014-01-18 04:52:28 379520 ----a-w- C:\Windows\System32\FBAgent.exe
2014-01-18 04:52:28 -------- d-----w- C:\Program Files\ASUS
2014-01-18 04:51:51 -------- d-----w- C:\ProgramData\P4G
2014-01-18 04:51:51 -------- d-----w- C:\Program Files\P4G
2014-01-18 04:51:36 -------- d-----w- C:\Program Files (x86)\ASUS
2014-01-18 04:50:25 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2014-01-18 04:50:24 21160 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2014-01-18 04:50:24 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2014-01-18 04:50:23 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2014-01-18 04:49:59 -------- d-----w- C:\Program Files\WIDCOMM
2014-01-18 04:47:10 -------- d-----w- C:\Program Files\Elantech
2014-01-18 04:46:46 -------- d-----w- C:\Users\art248\AppData\Local\SRS Labs
2014-01-18 04:46:38 -------- d-----w- C:\Program Files\SRS Labs
2014-01-18 04:46:16 -------- d-----w- C:\Windows\System32\SRSLabs
2014-01-18 04:46:14 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-01-18 04:46:14 -------- d-----w- C:\Program Files\Realtek
2014-01-18 04:42:40 -------- d-----w- C:\Program Files\ATI
2014-01-18 04:37:57 38456 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2014-01-18 04:37:57 -------- d-----w- C:\Program Files (x86)\AMD
2014-01-18 04:23:50 115312 ----a-w- C:\Windows\System32\drivers\JME.sys
2014-01-18 04:20:42 4677512 ----a-w- C:\Windows\System32\ETDUI.cpl
2014-01-18 04:20:40 135560 ----a-w- C:\Windows\System32\drivers\ETD.sys
2014-01-18 04:20:37 15416 ----a-w- C:\Windows\System32\drivers\kbfiltr.sys
2014-01-18 04:20:36 -------- d-----w- C:\eSupport
2014-01-18 00:01:35 -------- d-----w- C:\Windows\SysWow64\Wat
2014-01-18 00:01:34 -------- d-----w- C:\Windows\System32\Wat
2014-01-17 23:56:15 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-01-17 23:56:15 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-01-17 23:56:14 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-01-17 23:56:14 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-01-17 23:40:48 -------- d-----w- C:\Windows\Migration
2014-01-17 22:51:04 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-01-17 22:01:05 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-01-17 22:01:05 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-01-17 22:01:04 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-01-17 22:01:04 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-01-17 22:01:04 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-01-17 22:01:04 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-01-17 22:01:04 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-01-17 21:51:05 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-01-17 21:51:05 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-01-17 21:51:05 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-01-17 21:42:33 -------- d-----w- C:\Windows\System32\MRT
2014-01-17 20:11:37 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2014-01-17 20:10:44 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2014-01-17 20:09:28 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-01-17 20:09:27 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-01-17 20:09:17 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2014-01-17 20:09:17 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-01-17 20:09:17 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-01-17 20:07:54 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-01-17 20:07:54 111448 ----a-w- C:\Windows\System32\consent.exe
2014-01-17 20:07:45 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-01-17 20:07:31 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2014-01-17 20:07:31 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2014-01-17 20:07:31 1118720 ----a-w- C:\Windows\System32\sbe.dll
2014-01-17 20:07:30 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2014-01-17 20:07:30 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2014-01-17 20:07:30 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2014-01-17 20:05:40 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-01-17 20:04:37 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-01-17 20:03:57 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-01-17 20:03:57 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2014-01-17 20:03:57 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-01-17 20:03:57 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-01-17 20:03:57 102400 ----a-w- C:\Windows\System32\davclnt.dll
2014-01-17 20:03:49 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2014-01-17 20:03:49 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2014-01-17 20:03:45 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-17 20:03:45 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-17 20:03:45 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-17 20:03:45 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-17 20:03:44 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-17 20:03:44 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-17 20:01:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-01-17 20:00:59 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-01-17 19:51:10 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-01-17 19:51:09 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-01-17 19:51:09 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-01-17 19:51:09 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-01-17 19:51:09 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-01-17 19:49:48 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2014-01-17 19:40:45 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-01-17 19:35:07 -------- d-----w- C:\Users\art248\AppData\Local\Microsoft Games
2014-01-17 19:28:30 77312 ----a-w- C:\Windows\System32\packager.dll
2014-01-17 19:28:30 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-01-17 19:25:23 -------- d-----w- C:\Users\art248\AppData\Local\WindowsUpdate
2014-01-17 18:57:05 -------- d-----w- C:\Users\art248\AppData\Roaming\Avira
2014-01-17 18:56:07 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-01-17 18:56:07 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2014-01-17 18:56:07 141376 ----a-w- C:\Windows\System32\drivers\avfwot.sys
2014-01-17 18:56:07 114608 ----a-w- C:\Windows\System32\drivers\avfwim.sys
2014-01-17 18:56:07 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-01-17 18:55:59 -------- d-----w- C:\ProgramData\Avira
2014-01-17 18:55:59 -------- d-----w- C:\Program Files (x86)\Avira
2014-01-17 18:09:13 -------- d-sh--w- C:\Windows\Installer
2014-01-17 17:56:33 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-17 17:56:28 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42B62844-2782-4312-B7AE-C0C2BA2F489E}\mpengine.dll
2014-01-17 17:44:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-01-17 17:44:02 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-01-17 17:43:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-01-17 17:43:53 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-17 22:32:34 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-12-06 21:38:40 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-12-06 21:38:40 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-12-06 21:38:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-12-06 08:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-12-06 08:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 04:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:55:32.01 ===============
 


#4 art248

Posted 16 February 2014 - 03:51 AM

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities    
 TuneUp Utilities Language Pack (en-GB) 
 TuneUp Utilities    
 Mozilla Firefox (27.0.1) 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 
 


#5 nasdaq

    Forum Deity

  • Global Moderator
  • 49,225 posts

Posted 17 February 2014 - 07:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your log. Run these additional tools and post the logs.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.
nasdaq


#6 art248

Posted 17 February 2014 - 10:35 AM

hello nasdaq. thank you for responding :D
i will run those programs as requested and post those logs.

but in the meantime if you don't mind, can you explain what those registry entries in the Rogue Killer logs mean? i've searched around the net for some info but i can't find a conclusive answer. wonder if you could put my mind at ease regarding what they mean. thx



#7 art248

Posted 17 February 2014 - 11:39 AM

adwcleaner log:

# AdwCleaner v3.019 - Report created 18/02/2014 at 00:42:37
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : art248 - ART248-MPC
# Running from : C:\Users\art248General\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Found : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\7131n9yy.default-1391422878471\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Found : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\esoczcaj.default-1390322124158\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Found : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\jdq1xmwk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Found : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\onwj1zrm.default-1392478133748\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Found : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\vi58c9kr.default-1391191842194\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Found : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\ztssv1mq.default-1392029967137\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\7131n9yy.default-1391422878471\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\esoczcaj.default-1390322124158\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\jdq1xmwk.default\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\onwj1zrm.default-1392478133748\prefs.js ]
 
Line Found : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\nhattrick.org\nraiffeisenonline.ro\nbrd-net.ro\ningonline.ro\nbancpost.ro\nbtrl.ro\ncrediteurope.ro\nalphabank.ro\nromexterra.ro\not[...]
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\vi58c9kr.default-1391191842194\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\ztssv1mq.default-1392029967137\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2805 octets] - [18/02/2014 00:42:37]
 
########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [2865 octets] ##########
 
clean log:
# AdwCleaner v3.019 - Report created 18/02/2014 at 00:44:39
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : art248 - ART248-MPC
# Running from : C:\Users\art248General\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Deleted : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\7131n9yy.default-1391422878471\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Deleted : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\esoczcaj.default-1390322124158\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Deleted : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\jdq1xmwk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Deleted : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\onwj1zrm.default-1392478133748\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Deleted : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\vi58c9kr.default-1391191842194\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File Deleted : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\ztssv1mq.default-1392029967137\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\7131n9yy.default-1391422878471\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\esoczcaj.default-1390322124158\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\jdq1xmwk.default\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\onwj1zrm.default-1392478133748\prefs.js ]
 
Line Deleted : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\nhattrick.org\nraiffeisenonline.ro\nbrd-net.ro\ningonline.ro\nbancpost.ro\nbtrl.ro\ncrediteurope.ro\nalphabank.ro\nromexterra.ro\not[...]
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\vi58c9kr.default-1391191842194\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\ztssv1mq.default-1392029967137\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2943 octets] - [18/02/2014 00:42:37]
AdwCleaner[S0].txt - [2882 octets] - [18/02/2014 00:44:39]
 
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2942 octets] ##########
 
 
while i'm sure those entries are false positives, well, i just let it clean anyway. the browsers can recreate those files if required. though as usual running adwcleaner messes up my firefox a bit. but no matter, resetting firefox and reinstalling all the addons takes less than 5 mins. i can live with that. but may i know what those things are that adwcleaner found and cleaned?


#8 art248

Posted 17 February 2014 - 11:42 AM

JRT log:

after running JRT and it created the log, somehow my laptop was unresponsive a bit: my desktop icons didn't work, only the start button worked, and my custom logon screen changed back to the standard Win7 one, but restarting windows solved everything. no further issues.

also no idea what are those things that JRT deleted, could you please enlighten me on that? thx

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by art248 on Tue 18/02/2014 at  0:49:56.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\art248\AppData\Roaming\mozilla\firefox\profiles\bretubre.default\prefs.js
 
user_pref("extensions.TrafficLightSettings.firstTime", "3");
user_pref("extensions.TrafficLightSettings.ph_sign", "/****************************************************************************************\r\n****************************
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 18/02/2014 at  1:00:34.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by art248, 17 February 2014 - 12:02 PM.


#9 art248

Posted 17 February 2014 - 11:47 AM

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by art248 (administrator) on ART248-MPC on 18-02-2014 01:19:49
Running from C:\Users\art248General\Desktop\FRST side
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKU\S-1-5-21-2314069899-2177616406-2157075861-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-18] (Sandboxie Holdings, LLC)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0AAF5861D828CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AE89B32A-E89A-479B-BBBB-EAA87BE0868C}: [NameServer]208.67.222.222,208.67.222.220
 
FireFox:
========
FF ProfilePath: C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: TrafficLight - C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default\Extensions\trafficlight@bitdefender.com.xpi [2014-02-14]
FF Extension: NoScript - C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-14]
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-14]
CHR Extension: (Google Drive) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-14]
CHR Extension: (YouTube) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-14]
CHR Extension: (Adblock Plus) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-14]
CHR Extension: (TrafficLight) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-02-14]
CHR Extension: (Google Search) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-14]
CHR Extension: (Google Wallet) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14]
CHR Extension: (Gmail) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [908856 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-18] (Sandboxie Holdings, LLC)
S3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2014-01-19] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-06-01] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2014-01-18] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2014-01-18] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-01-18] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2013-12-17] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-18] (Sandboxie Holdings, LLC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-18 01:19 - 2014-02-18 01:19 - 00000000 ____D () C:\FRST
2014-02-18 01:00 - 2014-02-18 01:00 - 00001020 _____ () C:\Users\Public\JRT.txt
2014-02-18 00:42 - 2014-02-18 00:45 - 00000000 ____D () C:\AdwCleaner
2014-02-18 00:39 - 2014-02-18 01:19 - 00000000 ____D () C:\Users\art248General\Desktop\FRST side
2014-02-18 00:37 - 2014-02-18 00:37 - 01037530 _____ (Thisisu) C:\Users\art248General\Desktop\JRT.exe
2014-02-18 00:36 - 2014-02-18 00:37 - 01241888 _____ () C:\Users\art248General\Desktop\adwcleaner.exe
2014-02-16 21:41 - 2014-02-16 21:41 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-16 21:03 - 2014-02-16 21:04 - 04408320 _____ () C:\Users\art248General\Desktop\RogueKillerX64.exe
2014-02-16 17:05 - 2014-02-16 17:05 - 00000968 _____ () C:\Users\art248General\Desktop\checkup.txt
2014-02-16 16:55 - 2014-02-16 16:55 - 00529762 _____ () C:\Users\art248General\Desktop\attach.txt
2014-02-16 16:55 - 2014-02-16 16:55 - 00034908 _____ () C:\Users\art248General\Desktop\dds.txt
2014-02-16 16:03 - 2014-02-16 16:03 - 00987425 _____ () C:\Users\art248General\Desktop\SecurityCheck.exe
2014-02-16 16:02 - 2014-02-16 16:02 - 00688992 ____R (Swearware) C:\Users\art248General\Desktop\dds.scr
2014-02-16 02:03 - 2014-02-18 01:17 - 00000560 _____ () C:\Windows\setupact.log
2014-02-16 02:03 - 2014-02-16 02:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 01:52 - 2014-02-16 01:53 - 235351850 _____ () C:\Users\art248General\Documents\backup.reg
2014-02-16 00:01 - 2014-02-18 01:17 - 00002998 _____ () C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-02-16 00:01 - 2014-02-18 01:17 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-02-16 00:01 - 2014-02-16 02:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-02-15 23:54 - 2014-02-15 23:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 23:52 - 2014-02-16 18:02 - 00000000 ____D () C:\Users\art248General\Downloads\Video
2014-02-15 23:42 - 2014-02-18 00:41 - 00000000 ____D () C:\Users\art248General\Downloads\Software
2014-02-15 23:34 - 2014-02-15 23:34 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\QuickScan
2014-02-14 00:29 - 2014-02-14 00:29 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Macromedia
2014-02-12 16:28 - 2013-11-27 07:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-12 16:28 - 2013-11-27 06:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-12 16:11 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-12 16:11 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-12 16:11 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-12 16:11 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-12 16:11 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-12 16:11 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-12 16:11 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-12 16:11 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-12 16:11 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-12 16:11 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-12 16:11 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-12 16:11 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-12 16:11 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-12 16:11 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-12 16:11 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-12 16:11 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-12 16:04 - 2014-02-06 20:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 16:04 - 2014-02-06 19:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 16:04 - 2014-02-06 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 16:04 - 2014-02-06 19:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 16:04 - 2014-02-06 19:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 16:04 - 2014-02-06 19:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 16:04 - 2014-02-06 18:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 16:04 - 2014-02-06 18:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 16:04 - 2014-02-06 18:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:04 - 2014-02-06 18:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 16:04 - 2014-02-06 18:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 16:04 - 2014-02-06 18:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 16:04 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 16:04 - 2014-02-06 18:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 16:04 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 16:04 - 2014-02-06 18:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 16:04 - 2014-02-06 18:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 16:04 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 16:04 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 16:04 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 16:04 - 2014-02-06 17:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 16:04 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 16:04 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 16:04 - 2014-02-06 17:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 16:04 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 16:04 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 16:04 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 16:04 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 16:04 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 16:04 - 2014-02-06 17:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 16:04 - 2014-02-06 17:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 16:04 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 16:04 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 16:04 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 16:04 - 2014-02-06 16:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 16:04 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 16:04 - 2014-02-06 16:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 16:04 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 16:04 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 15:54 - 2013-12-04 10:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 15:54 - 2013-12-04 10:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 15:54 - 2013-12-04 10:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 15:54 - 2013-12-04 10:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 15:54 - 2013-12-04 10:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 15:54 - 2013-12-04 10:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 15:54 - 2013-12-04 10:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 15:54 - 2013-12-04 10:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 15:54 - 2013-12-04 10:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 15:54 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 15:54 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 15:54 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 15:54 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 15:54 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 15:54 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 15:54 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 15:54 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 15:54 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 15:53 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 15:53 - 2013-12-25 06:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 15:53 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 15:53 - 2013-11-23 06:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 15:53 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-12 15:53 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-12 15:50 - 2014-01-01 07:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:50 - 2014-01-01 07:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 04:04 - 2013-12-21 17:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 04:04 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 04:02 - 2013-12-06 10:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 04:02 - 2013-12-06 10:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 04:02 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 04:02 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-09 03:14 - 2014-02-09 03:14 - 00000000 ____D () C:\ProgramData\Reflexive
2014-02-08 01:43 - 2014-02-08 01:55 - 83613128 _____ (Sophos Limited) C:\Users\art248General\Downloads\Sophos Virus Removal Tool.exe
2014-02-07 02:07 - 2014-02-07 02:07 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-02-06 19:09 - 2013-07-16 03:41 - 01858896 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2014-02-06 19:09 - 2013-07-16 03:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100d.dll
2014-02-06 19:09 - 2013-07-16 03:41 - 01014096 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll
2014-02-06 19:09 - 2013-07-16 03:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100d.dll
2014-02-06 19:03 - 2014-02-06 19:06 - 01768696 _____ (Malwarebytes ) C:\Users\art248General\Downloads\mbae-setup-0.09.5.0250.exe
2014-02-05 03:51 - 2014-02-05 03:51 - 00000000 ____D () C:\Program Files (x86)\WMP Tag Plus
2014-02-05 03:50 - 2014-02-05 03:50 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-02-05 03:47 - 2014-02-05 03:47 - 02653944 _____ (Xiph.Org) C:\Users\art248General\Downloads\opencodecs_0.85.17777.exe
2014-02-05 03:47 - 2014-02-05 03:47 - 00974301 _____ (BM-productions ) C:\Users\art248General\Downloads\WMPTagPlus-2.2.exe
2014-02-05 00:35 - 2014-02-05 00:35 - 00000000 ____D () C:\Users\art248\AppData\Roaming\MPC-HC
2014-02-04 23:54 - 2014-02-04 23:54 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 23:03 - 2014-02-16 21:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-04 23:01 - 2014-02-16 21:37 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-04 19:46 - 2014-02-04 19:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance
2014-02-03 00:39 - 2014-02-03 00:39 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Macromedia
2014-02-01 01:50 - 2014-02-01 01:50 - 00000181 _____ () C:\Users\art248General\Desktop\scans.txt
2014-01-31 16:53 - 2014-01-31 16:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-31 16:50 - 2014-01-31 16:51 - 02347384 _____ (ESET) C:\Users\art248General\Desktop\esetsmartinstaller_enu.exe
2014-01-31 01:56 - 2014-02-17 20:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 01:56 - 2014-02-06 01:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 01:56 - 2014-02-06 01:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 01:56 - 2014-02-06 01:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-31 01:56 - 2014-01-31 01:56 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-31 01:52 - 2014-01-31 01:57 - 00000000 ____D () C:\Users\art248\AppData\Local\Adobe
2014-01-30 18:06 - 2014-01-30 18:06 - 00000000 ____D () C:\Users\art248General\AppData\Local\AMD
2014-01-30 17:40 - 2014-01-30 17:40 - 00000000 ____D () C:\Users\art248\AppData\Local\AMD
2014-01-30 17:40 - 2014-01-30 17:40 - 00000000 ____D () C:\ProgramData\ATI
2014-01-30 17:38 - 2014-01-30 17:38 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201401301738359299.log
2014-01-30 17:38 - 2014-01-30 17:38 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-30 17:37 - 2014-01-30 17:38 - 00000000 ____D () C:\ProgramData\AMD
2014-01-30 17:37 - 2014-01-30 17:37 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-30 17:36 - 2014-01-30 17:36 - 00017009 _____ () C:\Windows\SysWOW64\CCCInstall_201401301736314105.log
2014-01-30 17:35 - 2014-01-30 17:35 - 00000000 ____D () C:\Program Files\AMD
2014-01-30 17:34 - 2014-01-30 17:34 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-01-30 17:32 - 2014-01-30 17:38 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-01-30 16:57 - 2014-01-30 17:31 - 00000000 ____D () C:\AMD
2014-01-30 16:19 - 2013-12-16 16:42 - 00020420 _____ () C:\Users\art248General\Desktop\settings.mo
2014-01-30 16:04 - 2014-01-30 16:04 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Wargaming.net
2014-01-29 16:23 - 2014-01-29 16:23 - 00000000 ____D () C:\Users\art248General\AppData\Local\Skyrim
2014-01-29 16:13 - 2014-01-29 16:13 - 00000000 ____D () C:\Users\art248General\AppData\Local\BigHugeEngine
2014-01-29 01:14 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-01-29 01:14 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-01-29 01:14 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-01-29 01:14 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-01-29 01:14 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-01-29 01:14 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-01-29 01:14 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-01-29 01:13 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-01-29 01:13 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-01-29 01:13 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-01-29 01:13 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-01-29 01:13 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-01-29 01:13 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-01-29 01:13 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-01-29 01:13 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-01-29 01:13 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-01-29 01:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-01-29 01:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-01-29 01:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-01-29 01:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-01-29 01:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-01-29 01:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-01-29 01:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-01-29 01:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-01-29 01:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-01-29 01:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-01-29 01:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-01-29 01:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-01-29 01:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-01-29 01:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-01-29 01:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-01-29 01:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-01-29 01:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-01-29 01:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-01-29 01:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-01-29 01:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-01-29 01:13 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-01-29 01:13 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-01-29 01:13 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-01-29 01:13 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-01-29 01:13 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-01-29 01:13 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-01-29 01:13 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-01-29 01:13 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-01-29 01:13 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-01-29 01:13 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-01-29 01:13 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-01-29 01:13 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-01-29 01:13 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-01-29 01:13 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-01-29 01:12 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-01-29 01:12 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-01-29 01:12 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-01-29 01:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-01-29 01:12 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-01-29 01:12 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-01-29 01:12 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-01-29 01:12 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-01-29 01:12 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-01-29 01:12 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-01-29 01:12 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-01-29 01:12 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-01-29 01:12 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-01-29 01:12 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-01-29 01:12 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-01-29 01:12 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-01-29 01:12 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-01-29 01:12 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-01-29 01:12 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-01-29 01:12 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-01-29 01:12 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-01-29 01:12 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-01-29 01:12 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-01-29 01:12 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-01-29 01:12 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-01-29 01:12 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-01-29 01:12 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-01-29 01:12 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-01-29 00:58 - 2014-01-29 02:49 - 00000000 ____D () C:\Windows\SysWOW64\directx



Edited by art248, 17 February 2014 - 11:50 AM.


#10 art248


Posted 17 February 2014 - 11:51 AM

Seems like FRST got cut halfway. I'll post the rest here.

 

2014-01-28 03:06 - 2014-01-30 16:28 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-28 03:05 - 2014-01-28 03:05 - 00000000 ____D () C:\Users\art248\Documents\NFS Carbon
2014-01-28 03:04 - 2014-01-28 03:04 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-28 02:51 - 2014-01-28 02:51 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-28 02:51 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-01-28 02:51 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-01-28 02:51 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-01-28 02:51 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-01-28 02:51 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-01-28 02:51 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-01-28 02:50 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-01-28 02:50 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-01-28 02:50 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-01-28 02:50 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-01-28 02:50 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-01-28 02:50 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-01-28 02:50 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-01-28 02:50 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-01-28 02:50 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-01-28 02:50 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-01-28 02:50 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-01-28 02:50 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-01-28 02:50 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-01-28 02:50 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-01-28 02:50 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-01-28 02:50 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-01-28 02:50 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-01-28 02:50 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-01-27 01:17 - 2014-02-10 02:01 - 00000990 _____ () C:\Users\Public\Desktop\Configure ReClock.lnk
2014-01-27 01:17 - 2014-02-10 02:01 - 00000000 ____D () C:\Program Files (x86)\ReClock
2014-01-27 00:46 - 2014-02-10 01:55 - 00000000 ____D () C:\Program Files (x86)\KCP
2014-01-27 00:37 - 2014-02-07 02:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-26 03:09 - 2014-01-26 03:10 - 00000000 ____D () C:\Users\art248\AppData\Local\Origin
2014-01-26 02:59 - 2014-01-31 17:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-01-26 02:59 - 2014-01-26 02:59 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-01-26 01:40 - 2014-01-26 02:49 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Origin
2014-01-26 01:40 - 2014-01-26 01:41 - 00000000 ____D () C:\Users\art248General\AppData\Local\Origin
2014-01-26 01:26 - 2014-01-26 02:24 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Origin
2014-01-26 01:16 - 2014-01-30 14:27 - 00000000 ____D () C:\ProgramData\Origin
2014-01-26 01:09 - 2014-01-26 01:09 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\RenPy
2014-01-26 01:06 - 2014-01-26 01:06 - 00000000 ____D () C:\Users\art248\Documents\My Games
2014-01-26 01:06 - 2014-01-26 01:06 - 00000000 ____D () C:\Users\art248\AppData\Local\Skyrim
2014-01-25 22:48 - 2014-01-25 22:48 - 00000000 ____D () C:\Users\art248General\AppData\Local\Skype
2014-01-25 22:47 - 2014-01-25 22:47 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-25 22:47 - 2014-01-25 22:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-24 17:47 - 2014-01-24 17:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-24 17:47 - 2014-01-24 17:47 - 00000000 ____D () C:\Program Files\HitmanPro
2014-01-24 17:41 - 2014-02-03 17:56 - 10820032 _____ (SurfRight B.V.) C:\Users\art248General\Downloads\HitmanPro_x64.exe
2014-01-24 04:14 - 2014-01-24 04:14 - 00000000 ___RD () C:\Sandbox
2014-01-22 17:58 - 2014-02-14 00:19 - 00002259 _____ () C:\Users\art248\Desktop\Google Chrome.lnk
2014-01-22 00:07 - 2014-02-16 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-22 00:07 - 2014-01-22 00:08 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Mozilla
2014-01-21 23:32 - 2014-02-18 01:17 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 23:32 - 2014-02-18 00:44 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 23:32 - 2014-02-09 03:52 - 00004014 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-21 23:32 - 2014-02-09 03:52 - 00003762 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-21 03:07 - 2014-01-21 03:07 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\SUPERAntiSpyware.com
2014-01-21 00:43 - 2014-01-21 00:43 - 00000000 ____D () C:\Program Files (x86)\Tag Support Plugin for Media Player
2014-01-21 00:29 - 2014-01-25 22:48 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-21 00:29 - 2014-01-25 22:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-21 00:29 - 2014-01-21 00:29 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-21 00:24 - 2014-02-11 00:41 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Skype
2014-01-21 00:24 - 2014-01-25 22:47 - 00000000 ____D () C:\ProgramData\Skype
2014-01-20 23:52 - 2014-01-20 23:52 - 00000000 ____D () C:\Users\art248\AppData\Roaming\SUPERAntiSpyware.com
2014-01-20 23:51 - 2014-01-20 23:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-20 23:51 - 2014-01-20 23:51 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-20 23:51 - 2014-01-20 23:51 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-01-20 19:18 - 2014-02-16 18:55 - 00036352 _____ () C:\Users\art248General\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-20 18:12 - 2009-05-10 23:42 - 04150563 _____ () C:\Users\art248General\Documents\Mother's Day.rar
2014-01-20 02:26 - 2014-01-20 02:36 - 00000000 ____D () C:\Users\art248General\AppData\Local\Microsoft Games
2014-01-20 02:04 - 2014-01-20 02:04 - 00000000 ____D () C:\Users\art248General\Downloads\DAZ Studio
2014-01-20 02:00 - 2014-01-24 03:03 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Nitro PDF
2014-01-19 23:44 - 2014-01-20 04:22 - 01430011 _____ () C:\Users\art248General\AppData\Roaming\ICARE.LOG
2014-01-19 23:42 - 2014-01-19 23:43 - 00017028 _____ () C:\Users\art248General\Downloads\AutoRunExterminator-1.8.zip
2014-01-19 04:15 - 2014-01-19 04:15 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\LibreOffice
2014-01-19 04:14 - 2014-01-19 04:14 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-01-19 04:13 - 2014-01-19 04:14 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-01-19 03:25 - 2014-01-19 03:25 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\MPC-HC
2014-01-19 03:03 - 2014-01-19 03:03 - 00001542 _____ () C:\Users\art248General\Desktop\UpdateChecker.lnk
2014-01-19 03:01 - 2014-01-19 03:01 - 00002003 _____ () C:\Users\art248\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-01-19 03:01 - 2014-01-19 03:01 - 00001973 _____ () C:\Users\art248\Desktop\Update Checker.lnk
2014-01-19 02:44 - 2014-01-19 02:44 - 00000947 _____ () C:\Users\art248\Desktop\CDisplay.lnk
2014-01-19 02:44 - 2014-01-19 02:44 - 00000000 ____D () C:\Program Files (x86)\CDisplay
2014-01-19 02:40 - 2014-01-19 02:41 - 01158444 _____ () C:\Users\art248General\Downloads\setupCDisplay.zip
2014-01-19 02:33 - 2014-01-28 23:45 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Nitro
2014-01-19 02:33 - 2014-01-19 02:33 - 00002003 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\FileOpen
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\ProgramData\Nitro
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\ProgramData\FileOpen
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-01-19 02:33 - 2013-07-26 06:48 - 00029712 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2014-01-19 02:33 - 2013-07-26 06:48 - 00017936 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2014-01-19 02:31 - 2014-01-19 02:31 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Downloaded Installations
2014-01-19 02:28 - 2014-01-19 02:28 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\qualys
2014-01-19 02:24 - 2014-01-19 02:25 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Estsoft
2014-01-19 02:24 - 2014-01-19 02:24 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\TuneUp Software
2014-01-19 02:24 - 2014-01-19 02:24 - 00000000 ____D () C:\Users\art248General\AppData\Local\ECRSC
2014-01-19 02:21 - 2014-01-19 03:22 - 00001869 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-01-19 02:21 - 2014-01-19 02:21 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-01-19 02:20 - 2014-01-19 02:20 - 00000000 ____D () C:\Users\art248\AppData\Roaming\ESTsoft
2014-01-19 02:20 - 2014-01-19 02:20 - 00000000 ____D () C:\Users\art248\AppData\Local\ECRSC
2014-01-19 02:20 - 2014-01-19 02:20 - 00000000 ____D () C:\ProgramData\ESTsoft
2014-01-19 02:20 - 2014-01-19 02:20 - 00000000 ____D () C:\Program Files (x86)\ESTsoft
2014-01-19 02:17 - 2014-02-14 03:42 - 00000000 ____D () C:\Users\art248General\Desktop\WOT
2014-01-19 02:16 - 2014-01-19 02:16 - 00000000 ____D () C:\Users\art248\AppData\Roaming\IrfanView
2014-01-19 02:06 - 2014-01-19 02:06 - 00000000 ____D () C:\Users\art248General\AppData\Local\ASUS
2014-01-19 01:20 - 2013-11-24 02:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-19 01:20 - 2013-11-24 01:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-19 01:20 - 2013-04-17 15:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-01-19 01:20 - 2013-04-17 14:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-01-19 01:19 - 2012-07-07 04:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-01-19 01:19 - 2012-02-11 14:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-01-19 01:19 - 2012-02-11 14:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-01-19 01:19 - 2011-04-28 11:54 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2014-01-19 01:19 - 2011-03-11 14:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-01-19 01:19 - 2011-03-11 14:41 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-01-19 01:19 - 2011-03-11 14:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-01-19 01:19 - 2011-03-11 14:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-01-19 01:19 - 2011-03-11 14:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-01-19 01:19 - 2011-03-11 14:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-01-19 01:19 - 2011-03-11 13:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-01-19 01:19 - 2011-03-11 13:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-01-19 01:19 - 2011-03-11 12:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-01-19 01:19 - 2011-02-25 14:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-01-19 01:19 - 2011-02-25 13:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-01-19 01:08 - 2014-01-19 01:13 - 00002181 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-01-19 01:08 - 2014-01-19 01:13 - 00002163 _____ () C:\Users\Public\Desktop\TuneUp Utilities.lnk
2014-01-19 01:08 - 2014-01-19 01:08 - 00000000 ____D () C:\Users\art248\AppData\Roaming\TuneUp Software
2014-01-19 01:08 - 2011-06-01 02:40 - 00034624 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-01-19 01:08 - 2011-06-01 02:35 - 00025920 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-01-19 01:08 - 2011-06-01 02:35 - 00021312 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-01-19 01:08 - 2011-06-01 02:34 - 00036160 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-01-19 01:08 - 2011-06-01 02:34 - 00030016 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-01-19 01:06 - 2014-01-19 01:13 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2010
2014-01-19 01:04 - 2014-01-19 01:06 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-19 01:02 - 2014-01-19 01:02 - 00000000 ____D () C:\Users\art248\AppData\Roaming\qualys
2014-01-19 00:51 - 2014-01-19 00:51 - 00000000 ____D () C:\Users\art248\Documents\ASUS
2014-01-19 00:51 - 2014-01-19 00:51 - 00000000 ____D () C:\Users\art248\AppData\Local\ASUS
 
==================== One Month Modified Files and Folders =======
 
2014-02-18 01:19 - 2014-02-18 01:19 - 00000000 ____D () C:\FRST
2014-02-18 01:19 - 2014-02-18 00:39 - 00000000 ____D () C:\Users\art248General\Desktop\FRST side
2014-02-18 01:17 - 2014-02-16 02:03 - 00000560 _____ () C:\Windows\setupact.log
2014-02-18 01:17 - 2014-02-16 00:01 - 00002998 _____ () C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-02-18 01:17 - 2014-02-16 00:01 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-02-18 01:17 - 2014-01-21 23:32 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-18 01:17 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 01:16 - 2014-01-18 01:00 - 01692115 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 01:16 - 2009-07-14 12:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 01:16 - 2009-07-14 12:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 01:00 - 2014-02-18 01:00 - 00001020 _____ () C:\Users\Public\JRT.txt
2014-02-18 00:45 - 2014-02-18 00:42 - 00000000 ____D () C:\AdwCleaner
2014-02-18 00:44 - 2014-01-21 23:32 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-18 00:41 - 2014-02-15 23:42 - 00000000 ____D () C:\Users\art248General\Downloads\Software
2014-02-18 00:37 - 2014-02-18 00:37 - 01037530 _____ (Thisisu) C:\Users\art248General\Desktop\JRT.exe
2014-02-18 00:37 - 2014-02-18 00:36 - 01241888 _____ () C:\Users\art248General\Desktop\adwcleaner.exe
2014-02-17 20:46 - 2014-01-31 01:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 20:31 - 2014-01-18 02:08 - 00007631 _____ () C:\Users\art248\AppData\Local\Resmon.ResmonCfg
2014-02-16 21:59 - 2014-02-04 23:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-16 21:41 - 2014-02-16 21:41 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-16 21:37 - 2014-02-04 23:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-16 21:04 - 2014-02-16 21:03 - 04408320 _____ () C:\Users\art248General\Desktop\RogueKillerX64.exe
2014-02-16 20:52 - 2014-01-22 00:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 18:55 - 2014-01-20 19:18 - 00036352 _____ () C:\Users\art248General\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-16 18:02 - 2014-02-15 23:52 - 00000000 ____D () C:\Users\art248General\Downloads\Video
2014-02-16 17:05 - 2014-02-16 17:05 - 00000968 _____ () C:\Users\art248General\Desktop\checkup.txt
2014-02-16 16:55 - 2014-02-16 16:55 - 00529762 _____ () C:\Users\art248General\Desktop\attach.txt
2014-02-16 16:55 - 2014-02-16 16:55 - 00034908 _____ () C:\Users\art248General\Desktop\dds.txt
2014-02-16 16:03 - 2014-02-16 16:03 - 00987425 _____ () C:\Users\art248General\Desktop\SecurityCheck.exe
2014-02-16 16:02 - 2014-02-16 16:02 - 00688992 ____R (Swearware) C:\Users\art248General\Desktop\dds.scr
2014-02-16 03:27 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 02:03 - 2014-02-16 02:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 02:03 - 2014-02-16 00:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-02-16 01:53 - 2014-02-16 01:52 - 235351850 _____ () C:\Users\art248General\Documents\backup.reg
2014-02-15 23:55 - 2014-02-15 23:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 23:34 - 2014-02-15 23:34 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\QuickScan
2014-02-15 23:30 - 2014-01-18 17:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-02-14 03:42 - 2014-01-19 02:17 - 00000000 ____D () C:\Users\art248General\Desktop\WOT
2014-02-14 00:29 - 2014-02-14 00:29 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Macromedia
2014-02-14 00:19 - 2014-01-22 17:58 - 00002259 _____ () C:\Users\art248\Desktop\Google Chrome.lnk
2014-02-14 00:19 - 2014-01-18 17:27 - 00000000 ____D () C:\Users\art248\AppData\Local\Google
2014-02-14 00:13 - 2014-01-18 01:27 - 00000000 ____D () C:\Users\art248\AppData\Local\VirtualStore
2014-02-12 16:18 - 2014-01-18 01:27 - 00000000 ____D () C:\Users\art248
2014-02-12 16:14 - 2014-01-18 05:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 16:12 - 2014-01-18 05:42 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 16:07 - 2014-01-18 07:42 - 00765700 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-11 00:41 - 2014-01-21 00:24 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Skype
2014-02-10 02:01 - 2014-01-27 01:17 - 00000990 _____ () C:\Users\Public\Desktop\Configure ReClock.lnk
2014-02-10 02:01 - 2014-01-27 01:17 - 00000000 ____D () C:\Program Files (x86)\ReClock
2014-02-10 01:55 - 2014-01-27 00:46 - 00000000 ____D () C:\Program Files (x86)\KCP
2014-02-09 22:15 - 2014-01-18 16:58 - 00000000 ____D () C:\Users\art248General\Documents\Cell Group
2014-02-09 21:45 - 2014-01-18 18:21 - 00001398 _____ () C:\Windows\Sandboxie.ini
2014-02-09 03:52 - 2014-01-21 23:32 - 00004014 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-09 03:52 - 2014-01-21 23:32 - 00003762 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 03:14 - 2014-02-09 03:14 - 00000000 ____D () C:\ProgramData\Reflexive
2014-02-08 01:55 - 2014-02-08 01:43 - 83613128 _____ (Sophos Limited) C:\Users\art248General\Downloads\Sophos Virus Removal Tool.exe
2014-02-07 02:07 - 2014-02-07 02:07 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-02-07 02:07 - 2014-01-27 00:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-06 20:16 - 2014-02-12 16:04 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 20:13 - 2014-01-16 23:36 - 00000220 _____ () C:\Users\art248General\Desktop\stuff to download.txt
2014-02-06 19:30 - 2014-02-12 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 19:30 - 2014-02-12 16:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 19:12 - 2014-02-12 16:04 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 19:07 - 2014-02-12 16:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 19:06 - 2014-02-12 16:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 19:06 - 2014-02-06 19:03 - 01768696 _____ (Malwarebytes ) C:\Users\art248General\Downloads\mbae-setup-0.09.5.0250.exe
2014-02-06 18:57 - 2014-02-12 16:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 18:56 - 2014-02-12 16:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 18:52 - 2014-02-12 16:04 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 18:49 - 2014-02-12 16:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 18:48 - 2014-02-12 16:04 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 18:48 - 2014-02-12 16:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 18:38 - 2014-02-12 16:04 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 18:32 - 2014-02-12 16:04 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 18:20 - 2014-02-12 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 18:17 - 2014-02-12 16:04 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 18:11 - 2014-02-12 16:04 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 18:01 - 2014-02-12 16:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 18:00 - 2014-02-12 16:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 17:57 - 2014-02-12 16:04 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 17:57 - 2014-02-12 16:04 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 17:52 - 2014-02-12 16:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 17:52 - 2014-02-12 16:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 17:50 - 2014-02-12 16:04 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 17:49 - 2014-02-12 16:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 17:47 - 2014-02-12 16:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 17:46 - 2014-02-12 16:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 17:25 - 2014-02-12 16:04 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 17:25 - 2014-02-12 16:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 17:24 - 2014-02-12 16:04 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 17:22 - 2014-02-12 16:04 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 17:13 - 2014-02-12 16:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 17:09 - 2014-02-12 16:04 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 17:03 - 2014-02-12 16:04 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 16:55 - 2014-02-12 16:04 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 16:41 - 2014-02-12 16:04 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 16:40 - 2014-02-12 16:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 16:36 - 2014-02-12 16:04 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 16:34 - 2014-02-12 16:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-06 01:47 - 2014-01-31 01:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 01:47 - 2014-01-31 01:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 01:47 - 2014-01-31 01:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 03:51 - 2014-02-05 03:51 - 00000000 ____D () C:\Program Files (x86)\WMP Tag Plus
2014-02-05 03:50 - 2014-02-05 03:50 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-02-05 03:47 - 2014-02-05 03:47 - 02653944 _____ (Xiph.Org) C:\Users\art248General\Downloads\opencodecs_0.85.17777.exe
2014-02-05 03:47 - 2014-02-05 03:47 - 00974301 _____ (BM-productions ) C:\Users\art248General\Downloads\WMPTagPlus-2.2.exe
2014-02-05 00:35 - 2014-02-05 00:35 - 00000000 ____D () C:\Users\art248\AppData\Roaming\MPC-HC
2014-02-04 23:54 - 2014-02-04 23:54 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 19:46 - 2014-02-04 19:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance
2014-02-03 17:56 - 2014-01-24 17:41 - 10820032 _____ (SurfRight B.V.) C:\Users\art248General\Downloads\HitmanPro_x64.exe
2014-02-03 00:39 - 2014-02-03 00:39 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Macromedia
2014-02-02 20:20 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-02-01 01:50 - 2014-02-01 01:50 - 00000181 _____ () C:\Users\art248General\Desktop\scans.txt
2014-01-31 22:09 - 2014-01-18 17:25 - 00000000 ____D () C:\Users\art248General\Documents\NHF
2014-01-31 17:15 - 2014-01-26 02:59 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-01-31 16:53 - 2014-01-31 16:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-31 16:51 - 2014-01-31 16:50 - 02347384 _____ (ESET) C:\Users\art248General\Desktop\esetsmartinstaller_enu.exe
2014-01-31 03:28 - 2014-01-18 12:52 - 00001410 _____ () C:\Windows\system32\ServiceFilter.ini
2014-01-31 01:57 - 2014-01-31 01:52 - 00000000 ____D () C:\Users\art248\AppData\Local\Adobe
2014-01-31 01:56 - 2014-01-31 01:56 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-30 18:06 - 2014-01-30 18:06 - 00000000 ____D () C:\Users\art248General\AppData\Local\AMD
2014-01-30 17:59 - 2009-07-14 12:45 - 00330472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-30 17:40 - 2014-01-30 17:40 - 00000000 ____D () C:\Users\art248\AppData\Local\AMD
2014-01-30 17:40 - 2014-01-30 17:40 - 00000000 ____D () C:\ProgramData\ATI
2014-01-30 17:40 - 2014-01-18 01:35 - 00072000 _____ () C:\Users\art248\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-30 17:38 - 2014-01-30 17:38 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201401301738359299.log
2014-01-30 17:38 - 2014-01-30 17:38 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-30 17:38 - 2014-01-30 17:37 - 00000000 ____D () C:\ProgramData\AMD
2014-01-30 17:38 - 2014-01-30 17:32 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-01-30 17:37 - 2014-01-30 17:37 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-30 17:36 - 2014-01-30 17:36 - 00017009 _____ () C:\Windows\SysWOW64\CCCInstall_201401301736314105.log
2014-01-30 17:35 - 2014-01-30 17:35 - 00000000 ____D () C:\Program Files\AMD
2014-01-30 17:34 - 2014-01-30 17:34 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-01-30 17:31 - 2014-01-30 16:57 - 00000000 ____D () C:\AMD
2014-01-30 16:28 - 2014-01-28 03:06 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-30 16:28 - 2014-01-18 13:01 - 00072000 _____ () C:\Users\art248General\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-30 16:04 - 2014-01-30 16:04 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Wargaming.net
2014-01-30 14:27 - 2014-01-26 01:16 - 00000000 ____D () C:\ProgramData\Origin
2014-01-29 16:23 - 2014-01-29 16:23 - 00000000 ____D () C:\Users\art248General\AppData\Local\Skyrim
2014-01-29 16:13 - 2014-01-29 16:13 - 00000000 ____D () C:\Users\art248General\AppData\Local\BigHugeEngine
2014-01-29 02:49 - 2014-01-29 00:58 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-01-28 23:45 - 2014-01-19 02:33 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Nitro
2014-01-28 04:06 - 2014-01-18 12:52 - 00001298 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-01-28 03:05 - 2014-01-28 03:05 - 00000000 ____D () C:\Users\art248\Documents\NFS Carbon
2014-01-28 03:04 - 2014-01-28 03:04 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-28 02:51 - 2014-01-28 02:51 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-26 03:10 - 2014-01-26 03:09 - 00000000 ____D () C:\Users\art248\AppData\Local\Origin
2014-01-26 02:59 - 2014-01-26 02:59 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-01-26 02:49 - 2014-01-26 01:40 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Origin
2014-01-26 02:24 - 2014-01-26 01:26 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Origin
2014-01-26 01:41 - 2014-01-26 01:40 - 00000000 ____D () C:\Users\art248General\AppData\Local\Origin
2014-01-26 01:09 - 2014-01-26 01:09 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\RenPy
2014-01-26 01:06 - 2014-01-26 01:06 - 00000000 ____D () C:\Users\art248\Documents\My Games
2014-01-26 01:06 - 2014-01-26 01:06 - 00000000 ____D () C:\Users\art248\AppData\Local\Skyrim
2014-01-25 22:48 - 2014-01-25 22:48 - 00000000 ____D () C:\Users\art248General\AppData\Local\Skype
2014-01-25 22:48 - 2014-01-21 00:29 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-25 22:48 - 2014-01-21 00:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-25 22:47 - 2014-01-25 22:47 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-25 22:47 - 2014-01-25 22:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-25 22:47 - 2014-01-21 00:24 - 00000000 ____D () C:\ProgramData\Skype
2014-01-24 17:58 - 2014-01-24 17:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-24 17:47 - 2014-01-24 17:47 - 00000000 ____D () C:\Program Files\HitmanPro
2014-01-24 04:14 - 2014-01-24 04:14 - 00000000 ___RD () C:\Sandbox
2014-01-24 03:03 - 2014-01-20 02:00 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Nitro PDF
2014-01-22 00:08 - 2014-01-22 00:07 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Mozilla
2014-01-21 23:37 - 2014-01-18 17:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-21 03:07 - 2014-01-21 03:07 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\SUPERAntiSpyware.com
2014-01-21 00:43 - 2014-01-21 00:43 - 00000000 ____D () C:\Program Files (x86)\Tag Support Plugin for Media Player
2014-01-21 00:30 - 2014-01-18 16:57 - 00000000 ____D () C:\Windows\Panther
2014-01-21 00:29 - 2014-01-21 00:29 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-21 00:23 - 2014-01-18 12:54 - 00003092 _____ () C:\Windows\System32\Tasks\AIRecoveryRemind
2014-01-21 00:23 - 2014-01-18 12:53 - 00003000 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-01-20 23:52 - 2014-01-20 23:52 - 00000000 ____D () C:\Users\art248\AppData\Roaming\SUPERAntiSpyware.com
2014-01-20 23:52 - 2014-01-20 23:51 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-20 23:51 - 2014-01-20 23:51 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-20 23:51 - 2014-01-20 23:51 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-01-20 19:23 - 2014-01-16 23:36 - 00000000 ____D () C:\Users\art248General\Desktop\Important docs
2014-01-20 04:22 - 2014-01-19 23:44 - 01430011 _____ () C:\Users\art248General\AppData\Roaming\ICARE.LOG
2014-01-20 02:36 - 2014-01-20 02:26 - 00000000 ____D () C:\Users\art248General\AppData\Local\Microsoft Games
2014-01-20 02:04 - 2014-01-20 02:04 - 00000000 ____D () C:\Users\art248General\Downloads\DAZ Studio
2014-01-20 02:03 - 2014-01-18 16:59 - 00000000 ____D () C:\Users\art248General\Documents\Engineering
2014-01-19 23:43 - 2014-01-19 23:42 - 00017028 _____ () C:\Users\art248General\Downloads\AutoRunExterminator-1.8.zip
2014-01-19 04:15 - 2014-01-19 04:15 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\LibreOffice
2014-01-19 04:14 - 2014-01-19 04:14 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-01-19 04:14 - 2014-01-19 04:13 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-01-19 03:29 - 2009-07-14 13:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-19 03:25 - 2014-01-19 03:25 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\MPC-HC
2014-01-19 03:22 - 2014-01-19 02:21 - 00001869 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-01-19 03:03 - 2014-01-19 03:03 - 00001542 _____ () C:\Users\art248General\Desktop\UpdateChecker.lnk
2014-01-19 03:01 - 2014-01-19 03:01 - 00002003 _____ () C:\Users\art248\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-01-19 03:01 - 2014-01-19 03:01 - 00001973 _____ () C:\Users\art248\Desktop\Update Checker.lnk
2014-01-19 03:01 - 2014-01-18 22:49 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-01-19 02:44 - 2014-01-19 02:44 - 00000947 _____ () C:\Users\art248\Desktop\CDisplay.lnk
2014-01-19 02:44 - 2014-01-19 02:44 - 00000000 ____D () C:\Program Files (x86)\CDisplay
2014-01-19 02:41 - 2014-01-19 02:40 - 01158444 _____ () C:\Users\art248General\Downloads\setupCDisplay.zip
2014-01-19 02:33 - 2014-01-19 02:33 - 00002003 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\FileOpen
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\ProgramData\Nitro
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\ProgramData\FileOpen
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-01-19 02:33 - 2014-01-19 02:33 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-01-19 02:31 - 2014-01-19 02:31 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Downloaded Installations
2014-01-19 02:28 - 2014-01-19 02:28 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\qualys
2014-01-19 02:25 - 2014-01-19 02:24 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Estsoft
2014-01-19 02:24 - 2014-01-19 02:24 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\TuneUp Software
2014-01-19 02:24 - 2014-01-19 02:24 - 00000000 ____D () C:\Users\art248General\AppData\Local\ECRSC
2014-01-19 02:21 - 2014-01-19 02:21 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-01-19 02:20 - 2014-01-19 02:20 - 00000000 ____D () C:\Users\art248\AppData\Roaming\ESTsoft
2014-01-19 02:20 - 2014-01-19 02:20 - 00000000 ____D () C:\Users\art248\AppData\Local\ECRSC
2014-01-19 02:20 - 2014-01-19 02:20 - 00000000 ____D () C:\ProgramData\ESTsoft
2014-01-19 02:20 - 2014-01-19 02:20 - 00000000 ____D () C:\Program Files (x86)\ESTsoft
2014-01-19 02:20 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2014-01-19 02:16 - 2014-01-19 02:16 - 00000000 ____D () C:\Users\art248\AppData\Roaming\IrfanView
2014-01-19 02:06 - 2014-01-19 02:06 - 00000000 ____D () C:\Users\art248General\AppData\Local\ASUS
2014-01-19 02:06 - 2014-01-18 13:10 - 00000000 ____D () C:\Users\art248General\Desktop\ASUS Software
2014-01-19 02:06 - 2014-01-18 12:17 - 00000000 ____D () C:\Users\art248General\AppData\Local\VirtualStore
2014-01-19 01:56 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-19 01:13 - 2014-01-19 01:08 - 00002181 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-01-19 01:13 - 2014-01-19 01:08 - 00002163 _____ () C:\Users\Public\Desktop\TuneUp Utilities.lnk
2014-01-19 01:13 - 2014-01-19 01:06 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2010
2014-01-19 01:08 - 2014-01-19 01:08 - 00000000 ____D () C:\Users\art248\AppData\Roaming\TuneUp Software
2014-01-19 01:06 - 2014-01-19 01:04 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-19 01:02 - 2014-01-19 01:02 - 00000000 ____D () C:\Users\art248\AppData\Roaming\qualys
2014-01-19 00:51 - 2014-01-19 00:51 - 00000000 ____D () C:\Users\art248\Documents\ASUS
2014-01-19 00:51 - 2014-01-19 00:51 - 00000000 ____D () C:\Users\art248\AppData\Local\ASUS
2014-01-19 00:51 - 2014-01-18 12:57 - 00000000 ____D () C:\ProgramData\ASUS
2014-01-19 00:00 - 2014-01-18 12:51 - 00000000 ____D () C:\Program Files (x86)\ASUS
 
Some content of TEMP:
====================
C:\Users\art248\AppData\Local\Temp\avgnt.exe
C:\Users\art248\AppData\Local\Temp\Quarantine.exe
C:\Users\art248General\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 00:27
 
==================== End Of Log ============================


#11 art248

Posted 17 February 2014 - 11:57 AM

i should note that the group policy changes were made by running crypto prevent.

no further issues although as usual windows action center sometimes reports that avira and firewall is turned off and asked me to look at a list of antispyware programs online even though avira reports all services are working correctly. well disabling and reenabling avira solves this issue after disconnecting from the internet of course. i suspect this is some kind of bug on avira side maybe some kind of compatibility with win7. but it doesn't happen often although it did happen once when running farbar, i can live with it, might just switch to a different av once my license runs out.

otherwise all appears to be fine


Edited by art248, 18 February 2014 - 12:27 AM.


#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,225 posts

Posted 18 February 2014 - 07:10 AM

We normally fix this Google policy restriction with FRST but in your case I'm not sure.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Will leave it alone.

==

Will leave this topic open for 6 days. If you need to return please do.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#13 art248

Posted 18 February 2014 - 09:46 AM

nasdaq thx for taking the time to look at my logs.

We normally fix this Google policy restriction with FRST but in your case I'm not sure.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

ic, but what does it actually mean?

will it cause any issue? nothing actually bad is it?

so my other query is, can the system be considered clean then, i mean if there is nothing suspicious in the logs that indicate that i have an infection, i suppose i hv nothing to worry about? and what are those things that adwcleaner and JRT cleared? also i assume that the entries from the RogueKiller logs are nothing to worry about? sorry for bugging with so many queries but i'm just really curious

thx


Edited by art248, 18 February 2014 - 10:28 AM.


#14 nasdaq

Posted 19 February 2014 - 07:09 AM

The only way I can be sure that these <======= ATTENTION notices are caused by the crypto prevent is to remove them if possible.

Then run the FRST tool and post a fresh log if you want me to check it further.
===

You can run the RogueKiller tool and fix these. They will be fixed.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Restart the system if required.

The items removed with the AdwCleaner tool are Adware as far as I am concerned.
I will keep your remarks about Firefox in mind.
nasdaq


#15 art248

Posted 19 February 2014 - 10:09 AM

alright i will disable cryptoprevent and make a new FRST log.

hmm but don't those items from adwcleaner all refer to preferences and extensions of sorts?



#16 art248

Posted 19 February 2014 - 10:12 AM

and the roguekiller entries, what do they represent?



#17 art248

Posted 19 February 2014 - 12:27 PM

anyway i reran frst and here is the log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by art248 (administrator) on ART248-MPC on 20-02-2014 01:53:05
Running from C:\Users\art248General\Desktop\FRST side
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer) C:\Program Files\ASUS\NB Probe\NBProbe.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2314069899-2177616406-2157075861-1000\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S5].txt [2518 2014-02-20] ()
HKU\S-1-5-21-2314069899-2177616406-2157075861-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-18] (Sandboxie Holdings, LLC)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0AAF5861D828CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AE89B32A-E89A-479B-BBBB-EAA87BE0868C}: [NameServer]208.67.222.222,208.67.222.220
 
FireFox:
========
FF ProfilePath: C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: NoScript - C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-14]
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-14]
CHR Extension: (Google Drive) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-14]
CHR Extension: (YouTube) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-14]
CHR Extension: (Adblock Plus) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-14]
CHR Extension: (Google Search) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-14]
CHR Extension: (Google Wallet) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14]
CHR Extension: (Gmail) - C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [908856 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-18] (Sandboxie Holdings, LLC)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2014-01-19] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-06-01] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2014-01-18] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2014-01-18] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-01-18] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2013-12-17] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-18] (Sandboxie Holdings, LLC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-20 00:17 - 2014-02-19 17:50 - 04413952 _____ () C:\Users\art248General\Desktop\RogueKillerX64.exe
2014-02-19 18:26 - 2014-02-19 18:26 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-02-19 18:19 - 2014-02-19 18:19 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-02-19 00:20 - 2014-02-19 00:20 - 00006244 _____ () C:\Windows\PFRO.log
2014-02-18 20:19 - 2014-02-18 20:19 - 00000000 ____D () C:\SUPERDelete
2014-02-18 16:34 - 2014-02-18 16:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-18 01:26 - 2014-02-18 01:22 - 00016864 _____ () C:\Users\art248General\Desktop\Addition.txt
2014-02-18 01:25 - 2014-02-18 01:22 - 00096857 _____ () C:\Users\art248General\Desktop\FRST.txt
2014-02-18 01:19 - 2014-02-20 01:53 - 00000000 ____D () C:\FRST
2014-02-18 01:00 - 2014-02-18 01:00 - 00001020 _____ () C:\Users\art248General\Desktop\JRT.txt
2014-02-18 00:42 - 2014-02-20 01:36 - 00000000 ____D () C:\AdwCleaner
2014-02-18 00:39 - 2014-02-20 01:53 - 00000000 ____D () C:\Users\art248General\Desktop\FRST side
2014-02-18 00:37 - 2014-02-18 00:37 - 01037530 _____ (Thisisu) C:\Users\art248General\Desktop\JRT.exe
2014-02-18 00:36 - 2014-02-18 00:37 - 01241888 _____ () C:\Users\art248General\Desktop\adwcleaner.exe
2014-02-16 17:05 - 2014-02-16 17:05 - 00000968 _____ () C:\Users\art248General\Desktop\checkup.txt
2014-02-16 16:55 - 2014-02-16 16:55 - 00529762 _____ () C:\Users\art248General\Desktop\attach.txt
2014-02-16 16:55 - 2014-02-16 16:55 - 00034908 _____ () C:\Users\art248General\Desktop\dds.txt
2014-02-16 16:03 - 2014-02-16 16:03 - 00987425 _____ () C:\Users\art248General\Desktop\SecurityCheck.exe
2014-02-16 16:02 - 2014-02-16 16:02 - 00688992 ____R (Swearware) C:\Users\art248General\Desktop\dds.scr
2014-02-16 02:03 - 2014-02-20 01:37 - 00002736 _____ () C:\Windows\setupact.log
2014-02-16 02:03 - 2014-02-16 02:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 01:52 - 2014-02-16 01:53 - 235351850 _____ () C:\Users\art248General\Documents\backup.reg
2014-02-16 00:01 - 2014-02-20 01:38 - 00002998 _____ () C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-02-16 00:01 - 2014-02-20 01:38 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-02-16 00:01 - 2014-02-16 02:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-02-15 23:54 - 2014-02-15 23:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 23:52 - 2014-02-19 16:57 - 00000000 ____D () C:\Users\art248General\Downloads\Video
2014-02-15 23:42 - 2014-02-20 00:18 - 00000000 ____D () C:\Users\art248General\Downloads\Software
2014-02-15 23:34 - 2014-02-15 23:34 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\QuickScan
2014-02-14 00:29 - 2014-02-14 00:29 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Macromedia
2014-02-12 16:28 - 2013-11-27 07:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-12 16:28 - 2013-11-27 06:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-12 16:11 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-12 16:11 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-12 16:11 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-12 16:11 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-12 16:11 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-12 16:11 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-12 16:11 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-12 16:11 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-12 16:11 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-12 16:11 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-12 16:11 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-12 16:11 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-12 16:11 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-12 16:11 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-12 16:11 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-12 16:11 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-12 16:04 - 2014-02-06 20:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 16:04 - 2014-02-06 19:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 16:04 - 2014-02-06 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 16:04 - 2014-02-06 19:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 16:04 - 2014-02-06 19:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 16:04 - 2014-02-06 19:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 16:04 - 2014-02-06 18:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 16:04 - 2014-02-06 18:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 16:04 - 2014-02-06 18:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:04 - 2014-02-06 18:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 16:04 - 2014-02-06 18:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 16:04 - 2014-02-06 18:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 16:04 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 16:04 - 2014-02-06 18:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 16:04 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 16:04 - 2014-02-06 18:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 16:04 - 2014-02-06 18:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 16:04 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 16:04 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 16:04 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 16:04 - 2014-02-06 17:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 16:04 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 16:04 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 16:04 - 2014-02-06 17:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 16:04 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 16:04 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 16:04 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 16:04 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 16:04 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 16:04 - 2014-02-06 17:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 16:04 - 2014-02-06 17:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 16:04 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 16:04 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 16:04 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 16:04 - 2014-02-06 16:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 16:04 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 16:04 - 2014-02-06 16:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 16:04 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 16:04 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 15:54 - 2013-12-04 10:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 15:54 - 2013-12-04 10:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 15:54 - 2013-12-04 10:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 15:54 - 2013-12-04 10:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 15:54 - 2013-12-04 10:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 15:54 - 2013-12-04 10:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 15:54 - 2013-12-04 10:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 15:54 - 2013-12-04 10:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 15:54 - 2013-12-04 10:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 15:54 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 15:54 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 15:54 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 15:54 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 15:54 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 15:54 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 15:54 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 15:54 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 15:54 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 15:53 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 15:53 - 2013-12-25 06:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 15:53 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 15:53 - 2013-11-23 06:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 15:53 - 2013-09-25 10:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-12 15:53 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-12 15:50 - 2014-01-01 07:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:50 - 2014-01-01 07:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 04:04 - 2013-12-21 17:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 04:04 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 04:02 - 2013-12-06 10:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 04:02 - 2013-12-06 10:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 04:02 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 04:02 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-09 03:14 - 2014-02-09 03:14 - 00000000 ____D () C:\ProgramData\Reflexive
2014-02-08 01:43 - 2014-02-08 01:55 - 83613128 _____ (Sophos Limited) C:\Users\art248General\Downloads\Sophos Virus Removal Tool.exe
2014-02-07 02:07 - 2014-02-07 02:07 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-02-06 19:09 - 2013-07-16 03:41 - 01858896 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2014-02-06 19:09 - 2013-07-16 03:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100d.dll
2014-02-06 19:09 - 2013-07-16 03:41 - 01014096 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll
2014-02-06 19:09 - 2013-07-16 03:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100d.dll
2014-02-06 19:03 - 2014-02-06 19:06 - 01768696 _____ (Malwarebytes ) C:\Users\art248General\Downloads\mbae-setup-0.09.5.0250.exe
2014-02-05 03:51 - 2014-02-05 03:51 - 00000000 ____D () C:\Program Files (x86)\WMP Tag Plus
2014-02-05 03:50 - 2014-02-05 03:50 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-02-05 03:47 - 2014-02-05 03:47 - 02653944 _____ (Xiph.Org) C:\Users\art248General\Downloads\opencodecs_0.85.17777.exe
2014-02-05 03:47 - 2014-02-05 03:47 - 00974301 _____ (BM-productions ) C:\Users\art248General\Downloads\WMPTagPlus-2.2.exe
2014-02-05 00:35 - 2014-02-05 00:35 - 00000000 ____D () C:\Users\art248\AppData\Roaming\MPC-HC
2014-02-04 23:54 - 2014-02-04 23:54 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 23:03 - 2014-02-16 21:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-04 23:01 - 2014-02-16 21:37 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-04 19:46 - 2014-02-04 19:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance
2014-02-03 00:39 - 2014-02-03 00:39 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Macromedia
2014-02-01 01:50 - 2014-02-01 01:50 - 00000181 _____ () C:\Users\art248General\Desktop\scans.txt
2014-01-31 16:53 - 2014-01-31 16:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-31 16:50 - 2014-01-31 16:51 - 02347384 _____ (ESET) C:\Users\art248General\Desktop\esetsmartinstaller_enu.exe
2014-01-31 01:56 - 2014-02-20 01:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 01:56 - 2014-02-06 01:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 01:56 - 2014-02-06 01:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 01:56 - 2014-02-06 01:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-31 01:56 - 2014-01-31 01:56 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-31 01:52 - 2014-01-31 01:57 - 00000000 ____D () C:\Users\art248\AppData\Local\Adobe
2014-01-30 18:06 - 2014-01-30 18:06 - 00000000 ____D () C:\Users\art248General\AppData\Local\AMD
2014-01-30 17:40 - 2014-01-30 17:40 - 00000000 ____D () C:\Users\art248\AppData\Local\AMD
2014-01-30 17:40 - 2014-01-30 17:40 - 00000000 ____D () C:\ProgramData\ATI
2014-01-30 17:38 - 2014-01-30 17:38 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201401301738359299.log
2014-01-30 17:38 - 2014-01-30 17:38 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-30 17:37 - 2014-01-30 17:38 - 00000000 ____D () C:\ProgramData\AMD
2014-01-30 17:37 - 2014-01-30 17:37 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-30 17:36 - 2014-01-30 17:36 - 00017009 _____ () C:\Windows\SysWOW64\CCCInstall_201401301736314105.log
2014-01-30 17:35 - 2014-01-30 17:35 - 00000000 ____D () C:\Program Files\AMD
2014-01-30 17:34 - 2014-01-30 17:34 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-01-30 17:32 - 2014-01-30 17:38 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-01-30 16:57 - 2014-01-30 17:31 - 00000000 ____D () C:\AMD
2014-01-30 16:04 - 2014-01-30 16:04 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Wargaming.net
2014-01-29 16:23 - 2014-01-29 16:23 - 00000000 ____D () C:\Users\art248General\AppData\Local\Skyrim
2014-01-29 16:13 - 2014-01-29 16:13 - 00000000 ____D () C:\Users\art248General\AppData\Local\BigHugeEngine
2014-01-29 01:14 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-29 01:14 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-29 01:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-01-29 01:14 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-01-29 01:14 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-01-29 01:14 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-01-29 01:14 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-01-29 01:14 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-01-29 01:14 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-01-29 01:14 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-01-29 01:13 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-01-29 01:13 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-01-29 01:13 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-01-29 01:13 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-01-29 01:13 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-01-29 01:13 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-01-29 01:13 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-01-29 01:13 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-01-29 01:13 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-01-29 01:13 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-01-29 01:13 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-01-29 01:13 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-01-29 01:13 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-01-29 01:13 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-01-29 01:13 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-01-29 01:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-01-29 01:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-01-29 01:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-01-29 01:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-01-29 01:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-01-29 01:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-01-29 01:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-01-29 01:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-01-29 01:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-01-29 01:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-01-29 01:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-01-29 01:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-01-29 01:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-01-29 01:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-01-29 01:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-01-29 01:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-01-29 01:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-01-29 01:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-01-29 01:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-01-29 01:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-01-29 01:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-01-29 01:13 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-01-29 01:13 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-01-29 01:13 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-01-29 01:13 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-01-29 01:13 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-01-29 01:13 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-01-29 01:13 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-01-29 01:13 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-01-29 01:13 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-01-29 01:13 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-01-29 01:13 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-01-29 01:13 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-01-29 01:13 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-01-29 01:13 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-01-29 01:13 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-01-29 01:13 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-01-29 01:12 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-01-29 01:12 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-01-29 01:12 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-01-29 01:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-01-29 01:12 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-01-29 01:12 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-01-29 01:12 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-01-29 01:12 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-01-29 01:12 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-01-29 01:12 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-01-29 01:12 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-01-29 01:12 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-01-29 01:12 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-01-29 01:12 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-01-29 01:12 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-01-29 01:12 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-01-29 01:12 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-01-29 01:12 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-01-29 01:12 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-01-29 01:12 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-01-29 01:12 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-01-29 01:12 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-01-29 01:12 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-01-29 01:12 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-01-29 01:12 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-01-29 01:12 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-01-29 01:12 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-01-29 01:12 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-01-29 00:58 - 2014-01-29 02:49 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-01-28 03:06 - 2014-01-30 16:28 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-28 03:05 - 2014-01-28 03:05 - 00000000 ____D () C:\Users\art248\Documents\NFS Carbon
2014-01-28 03:04 - 2014-01-28 03:04 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-28 02:51 - 2014-01-28 02:51 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-28 02:51 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-01-28 02:51 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-01-28 02:51 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-01-28 02:51 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-01-28 02:51 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-01-28 02:51 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-01-28 02:50 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-01-28 02:50 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-01-28 02:50 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-01-28 02:50 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-01-28 02:50 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-01-28 02:50 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-01-28 02:50 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-01-28 02:50 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-01-28 02:50 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-01-28 02:50 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-01-28 02:50 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-01-28 02:50 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-01-28 02:50 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-01-28 02:50 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-01-28 02:50 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-01-28 02:50 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-01-28 02:50 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-01-28 02:50 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-01-27 01:17 - 2014-02-10 02:01 - 00000990 _____ () C:\Users\Public\Desktop\Configure ReClock.lnk
2014-01-27 01:17 - 2014-02-10 02:01 - 00000000 ____D () C:\Program Files (x86)\ReClock
2014-01-27 00:46 - 2014-02-10 01:55 - 00000000 ____D () C:\Program Files (x86)\KCP
2014-01-27 00:37 - 2014-02-07 02:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-26 03:09 - 2014-01-26 03:10 - 00000000 ____D () C:\Users\art248\AppData\Local\Origin
2014-01-26 02:59 - 2014-01-31 17:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-01-26 02:59 - 2014-01-26 02:59 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-01-26 01:40 - 2014-01-26 02:49 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Origin
2014-01-26 01:40 - 2014-01-26 01:41 - 00000000 ____D () C:\Users\art248General\AppData\Local\Origin
2014-01-26 01:26 - 2014-01-26 02:24 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Origin
2014-01-26 01:16 - 2014-01-30 14:27 - 00000000 ____D () C:\ProgramData\Origin
2014-01-26 01:09 - 2014-01-26 01:09 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\RenPy
2014-01-26 01:06 - 2014-01-26 01:06 - 00000000 ____D () C:\Users\art248\Documents\My Games
2014-01-26 01:06 - 2014-01-26 01:06 - 00000000 ____D () C:\Users\art248\AppData\Local\Skyrim
2014-01-25 22:48 - 2014-01-25 22:48 - 00000000 ____D () C:\Users\art248General\AppData\Local\Skype
2014-01-25 22:47 - 2014-01-25 22:47 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-25 22:47 - 2014-01-25 22:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-24 17:47 - 2014-01-24 17:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-24 17:47 - 2014-01-24 17:47 - 00000000 ____D () C:\Program Files\HitmanPro
2014-01-24 17:41 - 2014-02-03 17:56 - 10820032 _____ (SurfRight B.V.) C:\Users\art248General\Downloads\HitmanPro_x64.exe
2014-01-24 04:14 - 2014-01-24 04:14 - 00000000 ___RD () C:\Sandbox
2014-01-22 17:58 - 2014-02-14 00:19 - 00002259 _____ () C:\Users\art248\Desktop\Google Chrome.lnk
2014-01-22 00:07 - 2014-02-16 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-22 00:07 - 2014-01-22 00:08 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Mozilla
2014-01-21 23:32 - 2014-02-20 01:44 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 23:32 - 2014-02-20 01:38 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 23:32 - 2014-02-09 03:52 - 00004014 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-21 23:32 - 2014-02-09 03:52 - 00003762 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-21 03:07 - 2014-01-21 03:07 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\SUPERAntiSpyware.com
2014-01-21 00:43 - 2014-01-21 00:43 - 00000000 ____D () C:\Program Files (x86)\Tag Support Plugin for Media Player
2014-01-21 00:29 - 2014-01-25 22:48 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-21 00:29 - 2014-01-25 22:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-21 00:29 - 2014-01-21 00:29 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-21 00:24 - 2014-02-18 02:18 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Skype
2014-01-21 00:24 - 2014-01-25 22:47 - 00000000 ____D () C:\ProgramData\Skype
 
==================== One Month Modified Files and Folders =======
 
2014-02-20 01:53 - 2014-02-18 01:19 - 00000000 ____D () C:\FRST
2014-02-20 01:53 - 2014-02-18 00:39 - 00000000 ____D () C:\Users\art248General\Desktop\FRST side
2014-02-20 01:46 - 2014-01-31 01:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-20 01:46 - 2009-07-14 12:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 01:46 - 2009-07-14 12:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 01:44 - 2014-01-21 23:32 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-20 01:38 - 2014-02-16 00:01 - 00002998 _____ () C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-02-20 01:38 - 2014-02-16 00:01 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-02-20 01:38 - 2014-01-21 23:32 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 01:38 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 01:37 - 2014-02-16 02:03 - 00002736 _____ () C:\Windows\setupact.log
2014-02-20 01:37 - 2014-01-18 01:00 - 01805717 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 01:36 - 2014-02-18 00:42 - 00000000 ____D () C:\AdwCleaner
2014-02-20 01:17 - 2009-07-14 13:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-20 00:18 - 2014-02-15 23:42 - 00000000 ____D () C:\Users\art248General\Downloads\Software
2014-02-19 18:26 - 2014-02-19 18:26 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-02-19 18:26 - 2014-01-18 16:58 - 00000000 ____D () C:\Users\art248General\Documents\Cell Group
2014-02-19 18:19 - 2014-02-19 18:19 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-02-19 18:18 - 2014-01-19 04:13 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-02-19 17:50 - 2014-02-20 00:17 - 04413952 _____ () C:\Users\art248General\Desktop\RogueKillerX64.exe
2014-02-19 17:43 - 2014-01-20 19:18 - 00035328 _____ () C:\Users\art248General\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-19 16:57 - 2014-02-15 23:52 - 00000000 ____D () C:\Users\art248General\Downloads\Video
2014-02-19 02:19 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-19 00:20 - 2014-02-19 00:20 - 00006244 _____ () C:\Windows\PFRO.log
2014-02-18 20:19 - 2014-02-18 20:19 - 00000000 ____D () C:\SUPERDelete
2014-02-18 16:42 - 2014-01-18 18:21 - 00001436 _____ () C:\Windows\Sandboxie.ini
2014-02-18 16:34 - 2014-02-18 16:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-18 14:32 - 2014-01-18 02:08 - 00007598 _____ () C:\Users\art248\AppData\Local\Resmon.ResmonCfg
2014-02-18 03:52 - 2014-01-18 17:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-02-18 03:45 - 2014-01-19 02:17 - 00000000 ____D () C:\Users\art248General\Desktop\WOT
2014-02-18 02:18 - 2014-01-21 00:24 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Skype
2014-02-18 01:22 - 2014-02-18 01:26 - 00016864 _____ () C:\Users\art248General\Desktop\Addition.txt
2014-02-18 01:22 - 2014-02-18 01:25 - 00096857 _____ () C:\Users\art248General\Desktop\FRST.txt
2014-02-18 01:00 - 2014-02-18 01:00 - 00001020 _____ () C:\Users\art248General\Desktop\JRT.txt
2014-02-18 00:37 - 2014-02-18 00:37 - 01037530 _____ (Thisisu) C:\Users\art248General\Desktop\JRT.exe
2014-02-18 00:37 - 2014-02-18 00:36 - 01241888 _____ () C:\Users\art248General\Desktop\adwcleaner.exe
2014-02-16 21:59 - 2014-02-04 23:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-16 21:37 - 2014-02-04 23:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-16 20:52 - 2014-01-22 00:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 17:05 - 2014-02-16 17:05 - 00000968 _____ () C:\Users\art248General\Desktop\checkup.txt
2014-02-16 16:55 - 2014-02-16 16:55 - 00529762 _____ () C:\Users\art248General\Desktop\attach.txt
2014-02-16 16:55 - 2014-02-16 16:55 - 00034908 _____ () C:\Users\art248General\Desktop\dds.txt
2014-02-16 16:03 - 2014-02-16 16:03 - 00987425 _____ () C:\Users\art248General\Desktop\SecurityCheck.exe
2014-02-16 16:02 - 2014-02-16 16:02 - 00688992 ____R (Swearware) C:\Users\art248General\Desktop\dds.scr
2014-02-16 02:03 - 2014-02-16 02:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 02:03 - 2014-02-16 00:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-02-16 01:53 - 2014-02-16 01:52 - 235351850 _____ () C:\Users\art248General\Documents\backup.reg
2014-02-15 23:55 - 2014-02-15 23:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 23:34 - 2014-02-15 23:34 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\QuickScan
2014-02-14 00:29 - 2014-02-14 00:29 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Macromedia
2014-02-14 00:19 - 2014-01-22 17:58 - 00002259 _____ () C:\Users\art248\Desktop\Google Chrome.lnk
2014-02-14 00:19 - 2014-01-18 17:27 - 00000000 ____D () C:\Users\art248\AppData\Local\Google
2014-02-14 00:13 - 2014-01-18 01:27 - 00000000 ____D () C:\Users\art248\AppData\Local\VirtualStore
2014-02-12 16:18 - 2014-01-18 01:27 - 00000000 ____D () C:\Users\art248
2014-02-12 16:14 - 2014-01-18 05:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 16:12 - 2014-01-18 05:42 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 16:07 - 2014-01-18 07:42 - 00765700 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-10 02:01 - 2014-01-27 01:17 - 00000990 _____ () C:\Users\Public\Desktop\Configure ReClock.lnk
2014-02-10 02:01 - 2014-01-27 01:17

#18 art248

Posted 19 February 2014 - 12:32 PM

2014-02-10 02:01 - 2014-01-27 01:17 - 00000000 ____D () C:\Program Files (x86)\ReClock
2014-02-10 01:55 - 2014-01-27 00:46 - 00000000 ____D () C:\Program Files (x86)\KCP
2014-02-09 03:52 - 2014-01-21 23:32 - 00004014 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-09 03:52 - 2014-01-21 23:32 - 00003762 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 03:14 - 2014-02-09 03:14 - 00000000 ____D () C:\ProgramData\Reflexive
2014-02-08 01:55 - 2014-02-08 01:43 - 83613128 _____ (Sophos Limited) C:\Users\art248General\Downloads\Sophos Virus Removal Tool.exe
2014-02-07 02:07 - 2014-02-07 02:07 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-02-07 02:07 - 2014-01-27 00:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-06 20:16 - 2014-02-12 16:04 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 20:13 - 2014-01-16 23:36 - 00000220 _____ () C:\Users\art248General\Desktop\stuff to download.txt
2014-02-06 19:30 - 2014-02-12 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 19:30 - 2014-02-12 16:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 19:12 - 2014-02-12 16:04 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 19:07 - 2014-02-12 16:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 19:06 - 2014-02-12 16:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 19:06 - 2014-02-06 19:03 - 01768696 _____ (Malwarebytes ) C:\Users\art248General\Downloads\mbae-setup-0.09.5.0250.exe
2014-02-06 18:57 - 2014-02-12 16:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 18:56 - 2014-02-12 16:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 18:52 - 2014-02-12 16:04 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 18:49 - 2014-02-12 16:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 18:48 - 2014-02-12 16:04 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 18:48 - 2014-02-12 16:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 18:38 - 2014-02-12 16:04 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 18:32 - 2014-02-12 16:04 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 18:20 - 2014-02-12 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 18:17 - 2014-02-12 16:04 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 18:11 - 2014-02-12 16:04 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 18:01 - 2014-02-12 16:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 18:00 - 2014-02-12 16:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 17:57 - 2014-02-12 16:04 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 17:57 - 2014-02-12 16:04 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 17:52 - 2014-02-12 16:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 17:52 - 2014-02-12 16:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 17:50 - 2014-02-12 16:04 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 17:49 - 2014-02-12 16:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 17:47 - 2014-02-12 16:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 17:46 - 2014-02-12 16:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 17:25 - 2014-02-12 16:04 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 17:25 - 2014-02-12 16:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 17:24 - 2014-02-12 16:04 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 17:22 - 2014-02-12 16:04 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 17:13 - 2014-02-12 16:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 17:09 - 2014-02-12 16:04 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 17:03 - 2014-02-12 16:04 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 16:55 - 2014-02-12 16:04 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 16:41 - 2014-02-12 16:04 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 16:40 - 2014-02-12 16:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 16:36 - 2014-02-12 16:04 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 16:34 - 2014-02-12 16:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-06 01:47 - 2014-01-31 01:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 01:47 - 2014-01-31 01:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 01:47 - 2014-01-31 01:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 03:51 - 2014-02-05 03:51 - 00000000 ____D () C:\Program Files (x86)\WMP Tag Plus
2014-02-05 03:50 - 2014-02-05 03:50 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-02-05 03:47 - 2014-02-05 03:47 - 02653944 _____ (Xiph.Org) C:\Users\art248General\Downloads\opencodecs_0.85.17777.exe
2014-02-05 03:47 - 2014-02-05 03:47 - 00974301 _____ (BM-productions ) C:\Users\art248General\Downloads\WMPTagPlus-2.2.exe
2014-02-05 00:35 - 2014-02-05 00:35 - 00000000 ____D () C:\Users\art248\AppData\Roaming\MPC-HC
2014-02-04 23:54 - 2014-02-04 23:54 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 19:46 - 2014-02-04 19:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance
2014-02-03 17:56 - 2014-01-24 17:41 - 10820032 _____ (SurfRight B.V.) C:\Users\art248General\Downloads\HitmanPro_x64.exe
2014-02-03 00:39 - 2014-02-03 00:39 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Macromedia
2014-02-02 20:20 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-02-01 01:50 - 2014-02-01 01:50 - 00000181 _____ () C:\Users\art248General\Desktop\scans.txt
2014-01-31 22:09 - 2014-01-18 17:25 - 00000000 ____D () C:\Users\art248General\Documents\NHF
2014-01-31 17:15 - 2014-01-26 02:59 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-01-31 16:53 - 2014-01-31 16:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-31 16:51 - 2014-01-31 16:50 - 02347384 _____ (ESET) C:\Users\art248General\Desktop\esetsmartinstaller_enu.exe
2014-01-31 03:28 - 2014-01-18 12:52 - 00001410 _____ () C:\Windows\system32\ServiceFilter.ini
2014-01-31 01:57 - 2014-01-31 01:52 - 00000000 ____D () C:\Users\art248\AppData\Local\Adobe
2014-01-31 01:56 - 2014-01-31 01:56 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-30 18:06 - 2014-01-30 18:06 - 00000000 ____D () C:\Users\art248General\AppData\Local\AMD
2014-01-30 17:59 - 2009-07-14 12:45 - 00330472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-30 17:40 - 2014-01-30 17:40 - 00000000 ____D () C:\Users\art248\AppData\Local\AMD
2014-01-30 17:40 - 2014-01-30 17:40 - 00000000 ____D () C:\ProgramData\ATI
2014-01-30 17:40 - 2014-01-18 01:35 - 00072000 _____ () C:\Users\art248\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-30 17:38 - 2014-01-30 17:38 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201401301738359299.log
2014-01-30 17:38 - 2014-01-30 17:38 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-30 17:38 - 2014-01-30 17:37 - 00000000 ____D () C:\ProgramData\AMD
2014-01-30 17:38 - 2014-01-30 17:32 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-01-30 17:37 - 2014-01-30 17:37 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-30 17:36 - 2014-01-30 17:36 - 00017009 _____ () C:\Windows\SysWOW64\CCCInstall_201401301736314105.log
2014-01-30 17:35 - 2014-01-30 17:35 - 00000000 ____D () C:\Program Files\AMD
2014-01-30 17:34 - 2014-01-30 17:34 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-01-30 17:31 - 2014-01-30 16:57 - 00000000 ____D () C:\AMD
2014-01-30 16:28 - 2014-01-28 03:06 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-30 16:28 - 2014-01-18 13:01 - 00072000 _____ () C:\Users\art248General\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-30 16:04 - 2014-01-30 16:04 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Wargaming.net
2014-01-30 14:27 - 2014-01-26 01:16 - 00000000 ____D () C:\ProgramData\Origin
2014-01-29 16:23 - 2014-01-29 16:23 - 00000000 ____D () C:\Users\art248General\AppData\Local\Skyrim
2014-01-29 16:13 - 2014-01-29 16:13 - 00000000 ____D () C:\Users\art248General\AppData\Local\BigHugeEngine
2014-01-29 02:49 - 2014-01-29 00:58 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-01-28 23:45 - 2014-01-19 02:33 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Nitro
2014-01-28 04:06 - 2014-01-18 12:52 - 00001298 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-01-28 03:05 - 2014-01-28 03:05 - 00000000 ____D () C:\Users\art248\Documents\NFS Carbon
2014-01-28 03:04 - 2014-01-28 03:04 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-28 02:51 - 2014-01-28 02:51 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-26 03:10 - 2014-01-26 03:09 - 00000000 ____D () C:\Users\art248\AppData\Local\Origin
2014-01-26 02:59 - 2014-01-26 02:59 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-01-26 02:49 - 2014-01-26 01:40 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Origin
2014-01-26 02:24 - 2014-01-26 01:26 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Origin
2014-01-26 01:41 - 2014-01-26 01:40 - 00000000 ____D () C:\Users\art248General\AppData\Local\Origin
2014-01-26 01:09 - 2014-01-26 01:09 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\RenPy
2014-01-26 01:06 - 2014-01-26 01:06 - 00000000 ____D () C:\Users\art248\Documents\My Games
2014-01-26 01:06 - 2014-01-26 01:06 - 00000000 ____D () C:\Users\art248\AppData\Local\Skyrim
2014-01-25 22:48 - 2014-01-25 22:48 - 00000000 ____D () C:\Users\art248General\AppData\Local\Skype
2014-01-25 22:48 - 2014-01-21 00:29 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-25 22:48 - 2014-01-21 00:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-25 22:47 - 2014-01-25 22:47 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-25 22:47 - 2014-01-25 22:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-25 22:47 - 2014-01-21 00:24 - 00000000 ____D () C:\ProgramData\Skype
2014-01-24 17:58 - 2014-01-24 17:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-24 17:47 - 2014-01-24 17:47 - 00000000 ____D () C:\Program Files\HitmanPro
2014-01-24 04:14 - 2014-01-24 04:14 - 00000000 ___RD () C:\Sandbox
2014-01-24 03:03 - 2014-01-20 02:00 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\Nitro PDF
2014-01-22 00:08 - 2014-01-22 00:07 - 00000000 ____D () C:\Users\art248\AppData\Roaming\Mozilla
2014-01-21 23:37 - 2014-01-18 17:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-21 03:07 - 2014-01-21 03:07 - 00000000 ____D () C:\Users\art248General\AppData\Roaming\SUPERAntiSpyware.com
2014-01-21 00:43 - 2014-01-21 00:43 - 00000000 ____D () C:\Program Files (x86)\Tag Support Plugin for Media Player
2014-01-21 00:30 - 2014-01-18 16:57 - 00000000 ____D () C:\Windows\Panther
2014-01-21 00:29 - 2014-01-21 00:29 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-21 00:23 - 2014-01-18 12:54 - 00003092 _____ () C:\Windows\System32\Tasks\AIRecoveryRemind
2014-01-21 00:23 - 2014-01-18 12:53 - 00003000 _____ () C:\Windows\System32\Tasks\ASUS Live Update
 
Some content of TEMP:
====================
C:\Users\art248\AppData\Local\Temp\avgnt.exe
C:\Users\art248\AppData\Local\Temp\ntdll_dump.dll
C:\Users\art248\AppData\Local\Temp\Quarantine.exe
C:\Users\art248General\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 00:27
 
==================== End Of Log ============================


#19 art248

Posted 19 February 2014 - 01:40 PM

Oddly enough, I found that the Firefox issue only happens outside of an admin account.

 

I did rerun AdwCleaner and those preferences .js files are still there, as well as one of the xpi files under the files section in Mozilla Firefox. I recall xpi files under Firefox are extension installers. I remembered that I did not encounter that when I ran the cleaner with Firefox devoid of all extensions. I have since removed the Bitdefender TrafficLight extension, which seemed to have the most issues. I guess the preferences files are fine?

 

Right now the add-ons that I have for Firefox are AdBlock Plus, DownThemAll, NoScript and Web of Trust (WOT); they all should be clean. With these add-ons, AdwCleaner found this.

 

# AdwCleaner v3.019 - Report created 20/02/2014 at 03:00:53
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : art248 - ART248-MPC
# Running from : C:\Users\art248General\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\nbnxpcuc.default-1392831697902\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\art248\AppData\Roaming\Mozilla\Firefox\Profiles\bretubre.default\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\7131n9yy.default-1391422878471\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\8pqcyyuv.default-1392658173575\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\8uftr0j7.default-1392829786182\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\esoczcaj.default-1390322124158\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\jdq1xmwk.default\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\nbnxpcuc.default-1392831697902\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\onwj1zrm.default-1392478133748\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\vi58c9kr.default-1391191842194\prefs.js ]
 
 
[ File : C:\Users\art248General\AppData\Roaming\Mozilla\Firefox\Profiles\ztssv1mq.default-1392029967137\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2943 octets] - [18/02/2014 00:42:37]
AdwCleaner[R1].txt - [2240 octets] - [20/02/2014 00:23:21]
AdwCleaner[R2].txt - [1977 octets] - [20/02/2014 00:36:00]
AdwCleaner[R3].txt - [2217 octets] - [20/02/2014 01:14:17]
AdwCleaner[R4].txt - [2337 octets] - [20/02/2014 01:20:43]
AdwCleaner[R5].txt - [2457 octets] - [20/02/2014 01:35:17]
AdwCleaner[R6].txt - [2362 octets] - [20/02/2014 03:00:53]
AdwCleaner[S0].txt - [3020 octets] - [18/02/2014 00:44:39]
AdwCleaner[S1].txt - [2305 octets] - [20/02/2014 00:24:35]
AdwCleaner[S2].txt - [2038 octets] - [20/02/2014 00:37:36]
AdwCleaner[S3].txt - [2278 octets] - [20/02/2014 01:16:16]
AdwCleaner[S4].txt - [1452 octets] - [20/02/2014 01:26:03]
AdwCleaner[S5].txt - [2518 octets] - [20/02/2014 01:36:17]
 
########## EOF - \AdwCleaner\AdwCleaner[R6].txt - [2782 octets] ##########
 
I do suspect the .xpi to be a false positive probably related to one of those addons. Do correct me if I'm wrong because I do not notice anything strange, nor are my browsers hijacked with addons that I did not personally install. What do you think?  


#20 art248

Posted 19 February 2014 - 02:14 PM

I did find this info from the Adblock Plus homepage https://adblockplus....pic.php?t=21332 which seems to indicate that the .xpi file in the latest detection is a false positive by AdwCleaner. It is even the same exact path on my PC. The previous ones, I think, were very likely caused by the Bitdefender extension; after removing it, I am left with the one above.

 

*edit: after updating to the latest version of AdwCleaner that I got from the author's website, it did not detect any more of those .xpi files, although the preferences are still there, but from what I read it is nothing much to worry about. I guess they have solved the .xpi false positives then.

 

Still, nasdaq, I really thank you for the time that you take to analyse my logs. Now that I have started at boot camp I realise that there is a lot to look at, to analyse. Once again I thank you for coming to my aid.


Edited by art248, 19 February 2014 - 02:32 PM.


#21 art248

Posted 22 February 2014 - 07:28 AM

So, how is everything looking now? I suppose there isn't an infection, is there? Maybe just some cleaning up.

 

edit: I would also like to know what you make of the RogueKiller registry entries in the 1st post. From my limited understanding, if they are alone without anything that says that I have an infection then they are legit and fine. Is that correct? Because even without any infection I seem to get those entries pretty much every time I run RogueKiller on any of my systems, and those systems are not behaving strangely either.


Edited by art248, 22 February 2014 - 08:45 AM.


#22 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,225 posts

Posted 23 February 2014 - 07:08 AM


*edit: after updating to the latest version of AdwCleaner that I got from the author's website, it did not detect any more of those .xpi files, although the preferences are still there, but from what I read it is nothing much to worry about. I guess they have solved the .xpi false positives then.

What version do you have? Your log shows 3.019; is this correct?
===

Fix this Google policy.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

As for RogueKiller, when you fix these items they will either be deleted or replaced. Nothing to worry about.
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND


===

Keep up the good work.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#23 art248

Posted 23 February 2014 - 08:22 AM

 

 

What version do you have? Your log shows 3.019; is this correct?

Oh yeah, my mistake. Not sure why, but it seems that on the 1st run it targeted that particular xpi, then after that it was fine; might be a funny extension conflict with one of my other extensions. Well, since it is nothing major, it's probably fine.

 

Ok, thanks for clarifying the RK logs and thanks for the encouragement.

But what about these?

 

[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

 

I have run RK and fixed all those entries. But I do seem to get these few entries every now and then, either the 1st two together or the last two and at times all four together & the RogueKiller logs show nothing else except those registry entries. But I suppose if it is just them then they are nothing to worry about? According to your instructions just run Rogue Killer and fix them whenever it comes up? If so can I say that in the absence of any infection those four registry entries are actually harmless and I can potentially ignore them? 


Edited by art248, 23 February 2014 - 09:18 AM.


#24 art248

Posted 23 February 2014 - 08:25 AM

and here is the requested log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2014 01
Ran by art248 at 2014-02-23 22:24:38 Run:1
Running from C:\Users\art248General\Desktop\FRST side
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
end
*****************
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
 
==== End of Fixlog ====


#25 nasdaq

Posted 24 February 2014 - 06:36 AM

Your understanding of the RogueKiller log is correct.
There is no need to run the tool unless you have some problems.
nasdaq


#26 art248

Posted 24 February 2014 - 10:11 AM

Ok, thank you for clarifying. I won't run RogueKiller unless I suspect something wrong with the system, or else it will just be those four entries that will be found, which pose no harm in the absence of any evidence of infection.

 

So, do I have to run anything else at the moment? Please advise. Thanks



#27 nasdaq

Posted 25 February 2014 - 06:20 AM



If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===
nasdaq


#28 art248

Posted 25 February 2014 - 10:39 AM

Yeah all seems well now. Thanks, nasdaq.

I am already doing more or less all that you have suggested as well as from the Tony Klein article.

 

Just to clarify, this machine did not actually have an 'infection' right? Looks more like just some housekeeping and tidying up. Correct me if I'm wrong.

 

So, can we now say that all is ok? And I can remove some of the tools that we used and the logs that they produced. Thanks



#29 nasdaq

Posted 26 February 2014 - 06:27 AM

Just to clarify, this machine did not actually have an 'infection' right? Looks more like just some housekeeping and tidying up. Correct me if I'm wrong.

Correct.

You can delete the tools we used or keep them in a separate folder for your future use.
nasdaq


#30 nasdaq

Posted 26 February 2014 - 06:27 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




