Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-09-2015
Ran by home (administrator) on HOME-PC (05-09-2015 15:05:34)
Running from C:\Users\home\Desktop
Loaded Profiles: home (Available Profiles: home)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2613110551-1791208473-3936777090-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-03-05] (Microsoft Corporation)
BootExecute: autocheck autochk * bddel.exesdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2613110551-1791208473-3936777090-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 150.150.151.101
Tcpip\..\Interfaces\{6C9BAEC7-2230-4C67-90E6-97B748E00BF7}: [DhcpNameServer] 150.150.151.101

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2613110551-1791208473-3936777090-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2613110551-1791208473-3936777090-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2613110551-1791208473-3936777090-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2613110551-1791208473-3936777090-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2613110551-1791208473-3936777090-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2613110551-1791208473-3936777090-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files\TurboTax 2013\ic2013pp.dll [2014-05-05] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files\TurboTax 2014\ic2014pp.dll [2014-12-19] (Intuit Canada, a general partnership/une société en nom collectif.)

FireFox:
========
FF ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ocyaxzdd.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ocyaxzdd.default\searchplugins\restore_files_nvjmx.html [2015-09-01]
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ocyaxzdd.default\searchplugins\restore_files_nvjmx.txt [2015-09-01]
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ocyaxzdd.default\searchplugins\restore_files_pvgfh.html [2015-09-02]
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ocyaxzdd.default\searchplugins\restore_files_pvgfh.txt [2015-09-02]
FF Extension: Avira Browser Safety - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ocyaxzdd.default\Extensions\abs@avira.com [2014-11-25]
FF Extension: {{EXT_NAME}} - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ocyaxzdd.default\Extensions\jid1-CxAfu9DDH0Q8gQ@jetpack [2014-09-25]
FF Extension: {{EXT_NAME}} - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ocyaxzdd.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474} [2014-09-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-2613110551-1791208473-3936777090-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WCaptureX - C:\Program Files\WordWeb\WCaptureMoz [2011-09-12]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-04]
CHR Extension: (Google Wallet) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2011-09-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2014-03-13] (Adobe Systems) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 Update Klip Pal; "C:\Program Files\Klip Pal\updateKlipPal.exe" [X]
S4 Util Klip Pal; "C:\Program Files\Klip Pal\bin\utilKlipPal.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CAMCAUD; C:\Windows\System32\drivers\camcaud.sys [34048 2004-06-25] (Conexant Systems Inc.)
R3 CAMCHALA; C:\Windows\System32\drivers\camchal.sys [276480 2004-06-25] (Conexant Systems Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2595840 2007-03-07] (Intel® Corporation)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-03] ()
R3 VSTHWICH; C:\Windows\System32\DRIVERS\VSTICH3.SYS [242176 2009-07-14] (Conexant Systems, Inc.)
S3 androidusb; System32\Drivers\androidusb.sys [X]
S3 catchme; \??\C:\Users\home\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\home\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]
S3 zghsat; system32\DRIVERS\zghsat.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]
S3 zghsnmea; system32\DRIVERS\zghsnmea.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 15:05 - 2015-09-05 15:07 - 00011855 ____C C:\Users\home\Desktop\FRST.txt
2015-09-05 15:05 - 2015-09-05 15:05 - 00000000 ___DC C:\FRST
2015-09-05 15:02 - 2015-09-05 15:02 - 01690624 ____C (Farbar) C:\Users\home\Downloads\FRST.exe
2015-09-05 15:02 - 2015-09-05 15:02 - 01690624 ____C (Farbar) C:\Users\home\Desktop\FRST.exe
2015-09-05 10:48 - 2015-09-05 14:47 - 00000000 ___DC C:\Users\home\Desktop\Desktop (Not Encrypted)
2015-09-05 08:54 - 2015-09-05 10:35 - 00000000 ___DC C:\Users\home\Desktop\Encrypted Files
2015-09-04 17:03 - 2015-09-04 17:03 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2015-09-04 13:13 - 2015-09-04 17:12 - 00000000 ___DC C:\Users\home\Desktop\Ziad
2015-09-04 12:14 - 2015-09-04 17:11 - 00000000 ___DC C:\ProgramData\ParetoLogic
2015-09-04 12:14 - 2015-09-04 15:06 - 00000000 ___DC C:\Program Files\ParetoLogic
2015-09-04 12:14 - 2015-09-04 15:06 - 00000000 ____C C:\FileRecovery.log
2015-09-04 10:38 - 2015-09-04 21:16 - 00000000 ___DC C:\Users\home\AppData\Roaming\TeamViewer
2015-09-04 10:38 - 2015-09-04 11:12 - 00000000 ___DC C:\Program Files\TeamViewer
2015-09-04 10:38 - 2015-09-04 10:38 - 00001005 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-04 10:38 - 2015-09-04 10:38 - 00000993 ____C C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-04 10:29 - 2015-09-04 10:37 - 09445192 ____C (TeamViewer GmbH) C:\Users\home\Downloads\TeamViewer_Setup-jhg.exe
2015-09-03 11:51 - 2015-09-03 11:52 - 04383777 ____C C:\Users\home\Downloads\tdsskiller.zip
2015-09-03 10:56 - 2015-09-04 09:48 - 00000000 _SHDC C:\ProgramData\360Quarant
2015-09-03 10:50 - 2015-09-03 10:50 - 00000000 ___DC C:\Windows\Tasks\360Disabled
2015-09-03 10:47 - 2015-09-03 10:47 - 00000000 ___DC C:\Program Files\360
2015-09-03 10:01 - 2015-09-03 10:01 - 00000000 __SDC C:\ComboFix
2015-09-03 09:27 - 2015-09-03 09:36 - 00000000 ___DC C:\Users\home\AppData\Roaming\www.shadowexplorer.com
2015-09-02 22:52 - 2015-09-02 22:52 - 00000000 ___DC C:\Users\home\AppData\Local\www.shadowexplorer.com
2015-09-02 21:59 - 2015-09-02 21:59 - 00005100 ____C C:\Users\Public\restore_files_pvgfh.html
2015-09-02 21:59 - 2015-09-02 21:59 - 00005100 ____C C:\Users\Public\Downloads\restore_files_pvgfh.html
2015-09-02 21:59 - 2015-09-02 21:59 - 00005100 ____C C:\Users\Public\AppData\restore_files_pvgfh.html
2015-09-02 21:59 - 2015-09-02 21:59 - 00005100 ____C C:\Users\Public\AppData\Local\restore_files_pvgfh.html
2015-09-02 21:59 - 2015-09-02 21:59 - 00005100 ____C C:\Users\home\restore_files_pvgfh.html
2015-09-02 21:59 - 2015-09-02 21:59 - 00005100 ____C C:\Users\home\Desktop\RESTORE_FILES.HTML
2015-09-02 21:59 - 2015-09-02 21:59 - 00002261 ____C C:\Users\Public\restore_files_pvgfh.txt
2015-09-02 21:59 - 2015-09-02 21:59 - 00002261 ____C C:\Users\Public\Downloads\restore_files_pvgfh.txt
2015-09-02 21:59 - 2015-09-02 21:59 - 00002261 ____C C:\Users\Public\AppData\restore_files_pvgfh.txt
2015-09-02 21:59 - 2015-09-02 21:59 - 00002261 ____C C:\Users\Public\AppData\Local\restore_files_pvgfh.txt
2015-09-02 21:59 - 2015-09-02 21:59 - 00002261 ____C C:\Users\home\restore_files_pvgfh.txt
2015-09-02 21:59 - 2015-09-02 21:59 - 00002261 ____C C:\Users\home\Desktop\RESTORE_FILES.TXT
2015-09-02 21:51 - 2015-09-02 21:51 - 00000788 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-09-02 21:51 - 2015-09-02 21:51 - 00000740 ____C C:\Users\home\Desktop\Start Tor Browser.lnk
2015-09-02 21:51 - 2015-09-02 21:51 - 00000000 ___DC C:\Users\home\Desktop\Tor Browser
2015-09-02 21:02 - 2015-09-02 21:59 - 00005100 ____C C:\Users\home\Documents\restore_files_pvgfh.html
2015-09-02 21:02 - 2015-09-02 21:59 - 00002261 ____C C:\Users\home\Documents\restore_files_pvgfh.txt
2015-09-02 21:02 - 2015-09-02 21:02 - 00005100 ____C C:\Users\home\Downloads\restore_files_pvgfh.html
2015-09-02 21:02 - 2015-09-02 21:02 - 00002261 ____C C:\Users\home\Downloads\restore_files_pvgfh.txt
2015-09-02 20:52 - 2015-09-02 21:59 - 00005100 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\restore_files_pvgfh.html
2015-09-02 20:52 - 2015-09-02 21:59 - 00002261 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\restore_files_pvgfh.txt
2015-09-02 20:52 - 2015-09-02 21:50 - 43791480 ____C C:\Users\home\Downloads\torbrowser-install-5.0.2_en-US.exe
2015-09-02 20:52 - 2015-09-02 20:52 - 00005100 ____C C:\Users\home\AppData\Roaming\restore_files_pvgfh.html
2015-09-02 20:52 - 2015-09-02 20:52 - 00005100 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\restore_files_pvgfh.html
2015-09-02 20:52 - 2015-09-02 20:52 - 00005100 ____C C:\Users\home\AppData\restore_files_pvgfh.html
2015-09-02 20:52 - 2015-09-02 20:52 - 00002261 ____C C:\Users\home\AppData\Roaming\restore_files_pvgfh.txt
2015-09-02 20:52 - 2015-09-02 20:52 - 00002261 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\restore_files_pvgfh.txt
2015-09-02 20:52 - 2015-09-02 20:52 - 00002261 ____C C:\Users\home\AppData\restore_files_pvgfh.txt
2015-09-02 20:45 - 2015-09-02 21:59 - 00005100 ____C C:\Users\Public\Documents\restore_files_pvgfh.html
2015-09-02 20:45 - 2015-09-02 21:59 - 00002261 ____C C:\Users\Public\Documents\restore_files_pvgfh.txt
2015-09-02 20:45 - 2015-09-02 21:02 - 00005100 ____C C:\Users\home\AppData\Local\restore_files_pvgfh.html
2015-09-02 20:45 - 2015-09-02 21:02 - 00002261 ____C C:\Users\home\AppData\Local\restore_files_pvgfh.txt
2015-09-02 20:45 - 2015-09-02 20:45 - 00005100 ____C C:\Users\home\AppData\Local\Apps\restore_files_pvgfh.html
2015-09-02 20:45 - 2015-09-02 20:45 - 00005100 ____C C:\ProgramData\restore_files_pvgfh.html
2015-09-02 20:45 - 2015-09-02 20:45 - 00002261 ____C C:\Users\home\AppData\Local\Apps\restore_files_pvgfh.txt
2015-09-02 20:45 - 2015-09-02 20:45 - 00002261 ____C C:\ProgramData\restore_files_pvgfh.txt
2015-09-02 20:44 - 2015-09-02 20:44 - 00000250 ____C C:\Users\home\Documents\Recovery_File_qqsxwsjqu.txt
2015-09-02 20:41 - 2015-09-02 20:41 - 00000250 ____C C:\Users\home\Documents\Recovery_File_hkpsbbwjx.txt
2015-09-01 22:23 - 2015-09-01 22:23 - 00005100 ____C C:\Users\home\AppData\Roaming\restore_files_nvjmx.html
2015-09-01 22:23 - 2015-09-01 22:23 - 00005100 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\restore_files_nvjmx.html
2015-09-01 22:23 - 2015-09-01 22:23 - 00005100 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\restore_files_nvjmx.html
2015-09-01 22:23 - 2015-09-01 22:23 - 00005100 ____C C:\Users\home\AppData\restore_files_nvjmx.html
2015-09-01 22:23 - 2015-09-01 22:23 - 00002261 ____C C:\Users\home\AppData\Roaming\restore_files_nvjmx.txt
2015-09-01 22:23 - 2015-09-01 22:23 - 00002261 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\restore_files_nvjmx.txt
2015-09-01 22:23 - 2015-09-01 22:23 - 00002261 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\restore_files_nvjmx.txt
2015-09-01 22:23 - 2015-09-01 22:23 - 00002261 ____C C:\Users\home\AppData\restore_files_nvjmx.txt
2015-09-01 22:01 - 2015-09-01 22:21 - 00005100 ____C C:\Users\home\AppData\Local\restore_files_nvjmx.html
2015-09-01 22:01 - 2015-09-01 22:21 - 00002261 ____C C:\Users\home\AppData\Local\restore_files_nvjmx.txt
2015-09-01 22:01 - 2015-09-01 22:01 - 00005100 ____C C:\Users\Public\Documents\restore_files_nvjmx.html
2015-09-01 22:01 - 2015-09-01 22:01 - 00005100 ____C C:\Users\home\AppData\Local\Apps\restore_files_nvjmx.html
2015-09-01 22:01 - 2015-09-01 22:01 - 00005100 ____C C:\ProgramData\restore_files_nvjmx.html
2015-09-01 22:01 - 2015-09-01 22:01 - 00002261 ____C C:\Users\Public\Documents\restore_files_nvjmx.txt
2015-09-01 22:01 - 2015-09-01 22:01 - 00002261 ____C C:\Users\home\AppData\Local\Apps\restore_files_nvjmx.txt
2015-09-01 22:01 - 2015-09-01 22:01 - 00002261 ____C C:\ProgramData\restore_files_nvjmx.txt
2015-09-01 22:01 - 2015-09-01 22:01 - 00000250 ____C C:\Users\home\Documents\Recovery_File_gfeuvfnek.txt
2015-08-31 19:40 - 2015-09-02 21:02 - 00000000 __RDC C:\Users\home\Documents\Notes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 15:07 - 2015-03-10 02:16 - 00098520 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-05 15:04 - 2015-01-08 03:56 - 00000886 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-05 15:04 - 2009-07-14 07:34 - 00017168 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 15:04 - 2009-07-14 07:34 - 00017168 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 13:34 - 2011-01-21 07:04 - 02027164 ____C C:\Windows\WindowsUpdate.log
2015-09-05 10:25 - 2011-01-20 21:07 - 00000000 ___DC C:\Users\home
2015-09-05 09:36 - 2011-01-20 21:14 - 00726316 ____C C:\Windows\system32\PerfStringBackup.INI
2015-09-05 09:32 - 2015-03-05 20:20 - 00015908 ____C C:\Windows\setupact.log
2015-09-05 09:04 - 2011-09-13 10:22 - 00000000 ___DC C:\Users\home\Desktop\COMMUNICATIONS
2015-09-05 08:37 - 2015-01-08 03:56 - 00000882 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-05 08:36 - 2009-07-14 07:53 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2015-09-04 14:59 - 2009-07-14 07:33 - 00460912 ____C C:\Windows\system32\FNTCACHE.DAT
2015-09-04 14:58 - 2014-09-19 07:56 - 00766470 ____C C:\Windows\PFRO.log
2015-09-04 14:58 - 2013-05-13 17:13 - 00000000 ___DC C:\Program Files\Google
2015-09-04 11:32 - 2013-05-13 17:13 - 00000000 ___DC C:\Users\home\AppData\Local\Google
2015-09-04 10:58 - 2015-07-31 20:11 - 00000000 ___DC C:\Program Files\Common Files\AV
2015-09-04 10:50 - 2011-01-20 21:26 - 00142136 ____C C:\Users\home\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-04 08:15 - 2014-09-24 00:01 - 00002115 ____C C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-09-03 21:22 - 2015-03-26 15:20 - 00000000 ___DC C:\Users\home\AppData\Local\CrashDumps
2015-09-03 20:06 - 2014-09-04 22:28 - 00001251 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-09-03 20:06 - 2014-09-04 22:27 - 00001320 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-09-03 20:06 - 2014-09-04 22:25 - 00001404 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-09-03 20:06 - 2014-09-04 22:24 - 00002432 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-09-03 11:49 - 2015-03-10 02:17 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-09-03 11:20 - 2015-03-10 02:17 - 00000000 ___DC C:\Program Files\Spybot - Search & Destroy 2
2015-09-03 11:11 - 2015-03-05 04:46 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-09-03 11:11 - 2014-01-31 06:17 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-09-03 11:11 - 2012-04-17 19:21 - 00000000 ___DC C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KXTD1232
2015-09-03 11:04 - 2009-07-14 05:37 - 00000000 __HDC C:\Windows\system32\GroupPolicy
2015-09-03 10:57 - 2015-03-18 16:54 - 00000000 ___DC C:\Users\home\AppData\Roaming\RssBandit
2015-09-03 10:57 - 2014-03-11 22:13 - 00000000 ___DC C:\ProgramData\TEMP
2015-09-03 10:57 - 2011-09-12 15:09 - 00000000 ___DC C:\Program Files\WordWeb
2015-09-03 10:56 - 2014-09-03 19:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Service Manager
2015-09-03 10:56 - 2014-09-03 19:58 - 00000000 ___DC C:\Program Files\Driver Service Manager
2015-09-03 10:30 - 2015-03-10 01:06 - 00035064 ____C C:\Windows\system32\Drivers\TrueSight.sys
2015-09-03 10:01 - 2015-03-10 02:19 - 00000000 ___DC C:\Qoobox
2015-09-02 21:59 - 2014-03-13 15:21 - 00000000 ___DC C:\Users\Public\Documents\Adobe PDF
2015-09-02 21:59 - 2011-01-20 21:52 - 00000000 ___DC C:\Users\home\Tracing
2015-09-02 21:59 - 2009-07-14 10:48 - 00000000 __RDC C:\Users\Public\Recorded TV
2015-09-02 21:59 - 2009-07-14 05:37 - 00000000 _RHDC C:\Users\Public\Libraries
2015-09-02 21:59 - 2009-07-14 05:37 - 00000000 __RDC C:\Users\Public
2015-09-02 21:02 - 2015-08-04 20:03 - 00178958 ____C C:\Users\home\Downloads\IMG-20150804-WA0002.jpg.abc
2015-09-02 21:02 - 2015-08-04 20:03 - 00130782 ____C C:\Users\home\Downloads\IMG-20150804-WA0003.jpg.abc
2015-09-02 21:02 - 2015-08-04 20:02 - 00120750 ____C C:\Users\home\Downloads\IMG-20150804-WA0001.jpg.abc
2015-09-02 21:02 - 2015-08-04 20:01 - 00119342 ____C C:\Users\home\Downloads\IMG-20150804-WA0000.jpg.abc
2015-09-02 21:02 - 2015-03-05 22:30 - 00000000 ___DC C:\Users\home\Documents\My Weblog Posts
2015-09-02 21:02 - 2014-09-24 07:07 - 00000000 ___DC C:\Users\home\Documents\TurboTax
2015-09-02 20:52 - 2015-03-18 16:55 - 00000000 ___DC C:\Users\home\AppData\Local\RssBandit
2015-09-02 20:52 - 2015-03-05 22:30 - 00000000 ___DC C:\Users\home\AppData\Roaming\Windows Live Writer
2015-09-02 20:52 - 2015-03-05 22:30 - 00000000 ___DC C:\Users\home\AppData\Local\Windows Live Writer
2015-09-02 20:52 - 2015-03-05 20:38 - 00000000 ___DC C:\Users\home\AppData\Roaming\QuickScan
2015-09-02 20:52 - 2015-01-08 04:00 - 00000000 ___DC C:\Users\home\AppData\Roaming\Google
2015-09-02 20:52 - 2014-09-24 03:51 - 00000000 ___DC C:\Users\home\AppData\Roaming\Intuit Canada
2015-09-02 20:52 - 2014-09-05 22:56 - 00000000 ___DC C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JGArcadeApp
2015-09-02 20:52 - 2014-09-04 22:16 - 00000000 ___DC C:\Users\home\AppData\Local\Windows Live
2015-09-02 20:52 - 2014-09-04 21:51 - 00000000 ___DC C:\Users\home\AppData\Roaming\Oracle
2015-09-02 20:52 - 2014-09-03 20:01 - 00000000 ___DC C:\Users\home\AppData\Local\Torch
2015-09-02 20:52 - 2014-09-03 19:38 - 00000000 ___DC C:\Users\home\AppData\Roaming\JGArcadeApp
2015-09-02 20:52 - 2014-08-19 12:13 - 00000000 ___DC C:\Users\home\AppData\Local\UpdateChecker
2015-09-02 20:52 - 2014-08-19 12:12 - 00000000 ___DC C:\Users\home\AppData\Roaming\Apple Computer
2015-09-02 20:52 - 2014-03-14 21:09 - 00000000 ___DC C:\Users\home\AppData\Roaming\rmi
2015-09-02 20:52 - 2014-03-14 06:44 - 00000000 ___DC C:\Users\home\AppData\Roaming\TuneUp Software
2015-09-02 20:52 - 2014-03-13 03:57 - 00000000 ___DC C:\Users\home\AppData\Roaming\Systweak
2015-09-02 20:52 - 2014-01-31 04:12 - 00000000 ___DC C:\Users\home\AppData\Roaming\FreeBurner
2015-09-02 20:52 - 2013-11-08 17:24 - 00000000 ___DC C:\Users\home\AppData\Roaming\Opera
2015-09-02 20:52 - 2013-11-08 17:24 - 00000000 ___DC C:\Users\home\AppData\Local\Opera
2015-09-02 20:52 - 2013-11-08 16:08 - 00000000 ___DC C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AUTOREUSSITE Français
2015-09-02 20:52 - 2013-11-07 18:38 - 00000000 ___DC C:\Users\home\AppData\Roaming\Opera Software
2015-09-02 20:52 - 2013-11-07 18:38 - 00000000 ___DC C:\Users\home\AppData\Local\Opera Software
2015-09-02 20:52 - 2013-08-07 18:02 - 00000000 ___DC C:\Users\home\AppData\Roaming\2monkeys
2015-09-02 20:52 - 2013-05-13 17:20 - 00000000 ___DC C:\Users\home\AppData\Local\Real
2015-09-02 20:52 - 2013-04-19 11:58 - 00000000 ___DC C:\Users\home\AppData\Local\PlayFree Browser
2015-09-02 20:52 - 2013-04-04 22:09 - 00000000 ___DC C:\Users\home\AppData\Roaming\Mermaid
2015-09-02 20:52 - 2012-04-20 21:09 - 00000000 ___DC C:\Users\home\AppData\Roaming\Rovio
2015-09-02 20:52 - 2011-11-16 19:51 - 00000000 ___DC C:\Users\home\AppData\Roaming\WinRAR
2015-09-02 20:52 - 2011-11-16 19:51 - 00000000 ___DC C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-02 20:52 - 2011-01-28 21:23 - 00000000 ___DC C:\Users\home\AppData\Roaming\Ahead
2015-09-02 20:52 - 2011-01-21 00:45 - 00000000 ___DC C:\Users\home\AppData\Roaming\Media Player Classic
2015-09-02 20:52 - 2011-01-20 22:06 - 00000000 ___DC C:\Users\home\AppData\Roaming\Macromedia
2015-09-02 20:52 - 2011-01-20 22:06 - 00000000 ___DC C:\Users\home\AppData\Roaming\Adobe
2015-09-02 20:52 - 2011-01-20 21:49 - 00000000 ___DC C:\Users\home\AppData\Roaming\Real
2015-09-02 20:52 - 2011-01-20 21:14 - 00000000 ___DC C:\Users\home\AppData\Roaming\Mozilla
2015-09-02 20:52 - 2011-01-20 21:07 - 00000000 __RDC C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-02 20:52 - 2011-01-20 21:07 - 00000000 __RDC C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-02 20:52 - 2011-01-20 21:07 - 00000000 ___DC C:\Users\home\AppData\Local\VirtualStore
2015-09-02 20:51 - 2013-04-19 11:54 - 00000000 ___DC C:\Users\home\AppData\Local\MPCBrowser
2015-09-02 20:51 - 2011-01-28 21:32 - 00000000 ___DC C:\Users\home\AppData\Local\Microsoft Games
2015-09-02 20:51 - 2011-01-28 21:09 - 00000000 ___DC C:\Users\home\AppData\Local\Microsoft Help
2015-09-02 20:51 - 2011-01-20 21:14 - 00000000 ___DC C:\Users\home\AppData\Local\Mozilla
2015-09-02 20:45 - 2015-07-17 21:28 - 00000000 ___DC C:\ProgramData\DivoGames
2015-09-02 20:45 - 2015-03-10 02:15 - 00000000 ___DC C:\ProgramData\Malwarebytes
2015-09-02 20:45 - 2015-03-10 01:06 - 00000000 ___DC C:\ProgramData\RogueKiller
2015-09-02 20:45 - 2014-09-24 03:49 - 00000000 ___DC C:\ProgramData\Intuit Canada
2015-09-02 20:45 - 2014-09-06 09:29 - 00000000 ___DC C:\ProgramData\McAfee
2015-09-02 20:45 - 2014-08-19 12:14 - 00000000 ___DC C:\Users\home\AppData\Local\globalUpdate
2015-09-02 20:45 - 2014-08-19 12:12 - 00000000 ___DC C:\ProgramData\Systweak
2015-09-02 20:45 - 2014-07-04 20:56 - 00000000 ___DC C:\ProgramData\Oracle
2015-09-02 20:45 - 2014-03-14 06:43 - 00000000 _SHDC C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-09-02 20:45 - 2014-03-14 06:43 - 00000000 ___DC C:\ProgramData\TuneUp Software
2015-09-02 20:45 - 2014-03-13 15:28 - 00000000 ___DC C:\ProgramData\Adobe Systems
2015-09-02 20:45 - 2014-02-05 20:28 - 00000000 ___DC C:\Users\home\AppData\Local\Apps\2.0
2015-09-02 20:45 - 2013-11-07 05:58 - 00000000 ___DC C:\Users\home\.android
2015-09-02 20:45 - 2013-07-15 20:40 - 00000000 ___DC C:\Users\home\AppData\Local\IAC
2015-09-02 20:45 - 2013-07-15 19:57 - 00000000 ___DC C:\ProgramData\Sun
2015-09-02 20:45 - 2013-05-13 17:20 - 00000000 ___DC C:\ProgramData\Google
2015-09-02 20:45 - 2013-04-14 12:11 - 00000000 ___DC C:\ProgramData\Awem
2015-09-02 20:45 - 2013-04-08 12:11 - 00000000 ___DC C:\ProgramData\Playrix Entertainment
2015-09-02 20:45 - 2013-04-08 11:55 - 00000000 ___DC C:\Users\home\AppData\Local\EleFun Games
2015-09-02 20:45 - 2013-04-04 21:11 - 00000000 ___DC C:\Users\home\AppData\Local\AquaFish 2
2015-09-02 20:45 - 2012-06-03 16:25 - 00000000 ___DC C:\Users\home\AppData\Local\BlueStacks
2015-09-02 20:45 - 2011-09-10 22:58 - 00000000 ___DC C:\Users\home\AppData\Local\Adobe
2015-09-02 20:45 - 2011-09-10 22:53 - 00000000 ___DC C:\ProgramData\Adobe
2015-09-02 20:45 - 2011-01-28 21:28 - 00000000 ___DC C:\Users\home\AppData\Local\Ahead
2015-09-02 20:45 - 2011-01-20 21:49 - 00000000 ___DC C:\ProgramData\Real
2015-09-02 20:44 - 2015-03-10 02:49 - 00000000 ___DC C:\dbf25d7c721cf997f1b4cd21
2015-09-02 20:44 - 2014-09-19 20:36 - 00000000 ___DC C:\49150a3f-50bb-4e3f-a96d-1c7b8d819ab1
2015-09-02 20:44 - 2014-06-02 10:36 - 00000000 ___DC C:\BaseFlash
2015-09-02 20:44 - 2012-01-03 20:08 - 00000000 ___DC C:\UsbMac
2015-09-02 20:44 - 2011-01-20 23:10 - 00000000 ___DC C:\Intel

==================== Files in the root of some directories =======

2011-09-10 22:50 - 2008-09-20 11:40 - 1492048 ____C (Softland ) C:\Program Files\dopdf.exe
2015-09-01 22:23 - 2015-09-01 22:23 - 0005100 ____C () C:\Users\home\AppData\Roaming\restore_files_nvjmx.html
2015-09-01 22:23 - 2015-09-01 22:23 - 0002261 ____C () C:\Users\home\AppData\Roaming\restore_files_nvjmx.txt
2015-09-02 20:52 - 2015-09-02 20:52 - 0005100 ____C () C:\Users\home\AppData\Roaming\restore_files_pvgfh.html
2015-09-02 20:52 - 2015-09-02 20:52 - 0002261 ____C () C:\Users\home\AppData\Roaming\restore_files_pvgfh.txt
2014-09-19 03:48 - 2014-09-19 03:48 - 0000046 ____C () C:\Users\home\AppData\Roaming\WB.CFG
2013-09-13 11:05 - 2013-09-13 11:05 - 0005120 ____C () C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-30 16:39 - 2013-08-30 16:39 - 0007605 ____C () C:\Users\home\AppData\Local\Resmon.ResmonCfg
2015-09-01 22:01 - 2015-09-01 22:21 - 0005100 ____C () C:\Users\home\AppData\Local\restore_files_nvjmx.html
2015-09-01 22:01 - 2015-09-01 22:21 - 0002261 ____C () C:\Users\home\AppData\Local\restore_files_nvjmx.txt
2015-09-02 20:45 - 2015-09-02 21:02 - 0005100 ____C () C:\Users\home\AppData\Local\restore_files_pvgfh.html
2015-09-02 20:45 - 2015-09-02 21:02 - 0002261 ____C () C:\Users\home\AppData\Local\restore_files_pvgfh.txt
2015-09-01 22:01 - 2015-09-01 22:01 - 0005100 ____C () C:\ProgramData\restore_files_nvjmx.html
2015-09-01 22:01 - 2015-09-01 22:01 - 0002261 ____C () C:\ProgramData\restore_files_nvjmx.txt
2015-09-02 20:45 - 2015-09-02 20:45 - 0005100 ____C () C:\ProgramData\restore_files_pvgfh.html
2015-09-02 20:45 - 2015-09-02 20:45 - 0002261 ____C () C:\ProgramData\restore_files_pvgfh.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-03 14:51

==================== End of FRST.txt ============================