Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2341886027-534968240-3223439117-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(3)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(3)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\babylon setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\babylon setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(3)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(3)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS
# AdwCleaner v3.018 - Report created 11/02/2014 at 19:25:27
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Median - MEDIAN-PC
# Running from : C:\Users\Median\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\alotappbar
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Users\Median\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Median\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Median\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Median\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Median\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Median\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Median\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Median\AppData\Roaming\SpeedMaxPc
Folder Deleted : C:\Users\Median\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
File Deleted : C:\END
File Deleted : C:\Users\Median\AppData\Local\funmoods.crx
File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\browsermngr_prefs.js
File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\invalidprefs.js
File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\delta.xml
File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Windows\Tasks\digitalsite.job
File Deleted : C:\Windows\System32\Tasks\digitalsite
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PricePeepInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PricePeepInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedmaxpc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedmaxpc_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKCU\Software\596da8ab76fbf41
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
-\\ Mozilla Firefox v27.0 (en-US)
[ File : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\prefs.js ]
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www1.delta-search.com/?affID=119969&babsrc=HP_ss&mntrId=204C8C89A5C73C5F");
Line Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=113959&tt=270912_7a_3912_2");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "2");
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "GB");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");
Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "7C5A90EE9087405FECE1F41527073C05");
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "204c3cc00000000000008c89a5c73c5f");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15613");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1212:42:39");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"29\",\"lastVrsn\":\"29\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0}");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "tzb");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=204c3cc00000000000008c89a5c73c5f&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1212:42:39");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=270912_7a_3912_2");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1212:42:39");
Line Deleted : user_pref("extensions.crossrider.bic", "1393ff441e166e910a876a72aa8ae905");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "15");
Line Deleted : user_pref("extensions.delta.cntry", "GB");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "23D97EF1DE6F051EA8C01BD562771A76");
Line Deleted : user_pref("extensions.delta.id", "204c3cc00000000000008c89a5c73c5f");
Line Deleted : user_pref("extensions.delta.instlDay", "15809");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.16.1616:27:29");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1616:27:29");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Line Deleted : user_pref("extensions.funmoods.aflt", "axl");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.cntry", "GB");
Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "6504E3EA57CF75BE2461A766FB1C826E");
Line Deleted : user_pref("extensions.funmoods.hmpg", false);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0CyBtA0CyD0FtA0C0CtDtN0D0Tzu0CtByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1525193387");
Line Deleted : user_pref("extensions.funmoods.id", "8C89A5C73C5F3CC0");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15603");
Line Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:12:15");
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTab", false);
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0CyBtA0CyD0FtA0C0CtDtN0D0Tzu0CtByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1525193387");
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.sg", "none");
Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0CyBtA0CyD0FtA0C0CtDtN0D0Tzu0CtByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1525193387&[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:12:15");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:12:15");
Line Deleted : user_pref("extensions.incredibar.admin", false);
Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar.cntry", "GB");
Line Deleted : user_pref("extensions.incredibar.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Line Deleted : user_pref("extensions.incredibar.did", "10657");
Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar.hdrMd5", "45FF9E03949847C9942DF0BE714F1FC8");
Line Deleted : user_pref("extensions.incredibar.hmpg", false);
Line Deleted : user_pref("extensions.incredibar.id", "204c3cc00000000000008c89a5c73c5f");
Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar.instlDay", "15585");
Line Deleted : user_pref("extensions.incredibar.instlRef", "");
Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1410:46:35");
Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Line Deleted : user_pref("extensions.incredibar.newTab", false);
Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.incredibar.ppd", "");
Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar.productid", "26");
Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.sg", "none");
Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQIpAMZ4m&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar.upn2", "6PQIpAMZ4m");
Line Deleted : user_pref("extensions.incredibar.upn2n", "92543511279242914");
Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1410:46:35");
Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10657");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "204c3cc00000000000008c89a5c73c5f");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15585");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQIpAMZ4m&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6PQIpAMZ4m");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92543511279242914");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1410:46:35");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_upn2", "6PQIpAMZ4m");
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...]
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_installer_name", "sg_6PQIpAMZ4m_active_MB131_MB132_UA-25323614-7_2012-09-02-10-46-30");
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_temp_installer_name", "sg_6PQIpAMZ4m_active_MB131_MB132_UA-25323614-7_2012-09-02-10-46-30");
-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [27669 octets] - [11/02/2014 19:23:13]
AdwCleaner[S0].txt - [26938 octets] - [11/02/2014 19:25:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26999 octets] ##########
Malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 18/05/2014
Scan Time: 10:07:38
Logfile:
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.18.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Median
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378788
Time Elapsed: 13 min, 32 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.SNBoost.A, HKLM\SOFTWARE\WOW6432NODE\SN.Booster, Quarantined, [bd1dc58dd0abc76f0d05216732d06799],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2341886027-534968240-3223439117-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [8456d1817902ed495da9d8dbb54e827e],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.WeatherAlerts, C:\Users\Median\AppData\Local\WeatherAlerts, Quarantined, [a535dc76255692a461473241f012837d],
Files: 29
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{1767583D-4281-4281-A06A-0AA3CC847ACB}\Custom.dll, Quarantined, [f1e91a3816651a1c1f21034007f9768a],
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{8671745B-5916-490B-ABE0-11345D9256AD}\Custom.dll, Quarantined, [4b8f6fe363186dc9ae92c67def11f907],
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{8D9BA670-FE09-458E-A765-B62B56788486}\Custom.dll, Quarantined, [0bcf6ae8d3a85fd7320e241fe51bb24e],
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{B97F73F3-38C2-4370-A19B-70E0629C5105}\Custom.dll, Quarantined, [9c3e1b3792e9fe38b48c53f0e51b649c],
PUP.Optional.Somoto, C:\Users\Median\Downloads\MouseMonitor_downloader_by_MyFavoriteGadgets.exe, Quarantined, [00dab59d403bd85ef8a13837d430ec14],
PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetupV1(2).exe, Quarantined, [bd1d1a387cffac8a84d119f0f11055ab],
PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetupV1(3).exe, Quarantined, [17c3064cc8b336003e174cbdb64bbf41],
PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetupV1.exe, Quarantined, [716951017b00a6903d18ea1fcd34c13f],
PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetupV1(1).exe, Quarantined, [cc0ee76b3744a59185d030d908f9e11f],
PUP.Bundle.Installer.OI, C:\Users\Median\Downloads\downloadmanager_Setup.exe, Quarantined, [f2e8163cc7b4d0668a8ef1a6c43cad53],
PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetup-r1139-n-bc.exe, Quarantined, [f6e47ed462190432441115f45ea3b848],
PUP.Optional.ToolBarInstaller.A, C:\Users\Median\Downloads\cpu-z_1.62-setup-en.exe, Quarantined, [697192c004774cea6a48b073bf4506fa],
PUP.Optional.SweetIM, C:\Users\Median\Downloads\pacman_mp_pgr.exe, Quarantined, [8e4cca887a0167cf7f73d8971be9d42c],
PUP.Optional.InstallCore.A, C:\Users\Median\Downloads\ZipExtractorSetup(1).exe, Quarantined, [6971fb571e5de551ecf1f736ee13c43c],
PUP.Optional.InstallCore.A, C:\Users\Median\Downloads\ZipExtractorSetup(2).exe, Quarantined, [defc57fb8deeda5cf2eb1716bf42c43c],
PUP.Optional.InstallCore.A, C:\Users\Median\Downloads\ZipExtractorSetup.exe, Quarantined, [f7e38ec46d0ea2941bc2aa8315ec3dc3],
PUP.Optional.ArcadeFrontier.A, C:\Users\Median\Downloads\ArcadeFrontierGames.exe, Quarantined, [ebef4d055f1cbb7b96632c2c2ad716ea],
PUP.Bundle.Installer.OI, C:\Users\Median\Downloads\Setup (1).exe, Quarantined, [eeec3f1396e573c3d1472a6d0cf448b8],
PUP.BundleInstaller.OI, C:\Users\Median\Downloads\Setup.exe, Quarantined, [f1e9a7ab39420b2b314c4e66867a1de3],
PUP.Optional.Softonic.A, C:\Users\Median\Downloads\SoftonicDownloader_for_hattrick-organizer.exe, Quarantined, [f1e993bf82f9c571c6eee639d0314ab6],
PUP.Optional.LiveSoftAction.A, C:\Users\Median\Downloads\Minecraft provided through GetNow.exe, Quarantined, [d6044210e09b48ee54b751ca946dca36],
PUP.Optional.InstalleRex, C:\Users\Median\Downloads\minecraftdl_16326 (1).exe, Quarantined, [8456d67c7cff3303083c2155f90810f0],
PUP.Optional.InstalleRex, C:\Users\Median\Downloads\minecraftdl_16326(1).exe, Quarantined, [bc1e0052ef8cc76feb59ccaa7d8425db],
PUP.Optional.InstalleRex, C:\Users\Median\Downloads\minecraftdl_16326.exe, Quarantined, [11c9d082b7c47eb871d32c4ac839ff01],
PUP.Optional.OptimumInstaller.A, C:\Users\Median\Downloads\Free_Download_Manager_Setup (1).exe, Quarantined, [51890250d1aaba7c480ebe8f6a97e719],
PUP.Optional.OptimumInstaller.A, C:\Users\Median\Downloads\Free_Download_Manager_Setup.exe, Quarantined, [06d4de747b009b9bb0a6fa53fb065fa1],
PUP.Optional.OptimumInstaller.A, C:\Users\Median\Downloads\Updater_Setup.exe, Quarantined, [89511b37710a171f7ed89bb2d42dc53b],
PUP.Optional.Superfish.A, C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [9842133fd4a76dc9a26bee96aa586e92],
PUP.Optional.Superfish.A, C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [d109ec66dc9f25119b728df741c1db25],
Physical Sectors: 0
(No malicious items detected)
(end)
FRST 2
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Median (administrator) on MEDIAN-PC on 18-05-2014 10:16:17
Running from C:\Users\Median\Desktop\Games\Farbar
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Median\Desktop\Games\Farbar\Farbar.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Median\AppData\Local\Roblox\Versions\version-6cfc785e896545ae\\NPRobloxProxy.dll ( ROBLOX Corporation)
Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-07]
CHR Extension: (Google Drive) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
CHR Extension: (YouTube) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07]
CHR Extension: (Google Search) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07]
CHR Extension: (Google Wallet) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-07]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-05-07]
==================== Services (Whitelisted) =================
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-10] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-18 09:53 - 2014-05-18 10:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 09:53 - 2014-05-18 09:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 09:53 - 2014-05-18 09:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-18 09:53 - 2014-05-18 09:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 09:53 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-18 09:53 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-18 09:53 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-18 09:51 - 2014-05-18 09:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Median\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-18 09:50 - 2014-05-18 09:50 - 00006728 _____ () C:\Users\Median\Desktop\AdwCleaner[S1].txt
2014-05-18 09:46 - 2014-05-18 09:46 - 264417340 _____ () C:\Users\Median\Desktop\backup.reg
2014-05-18 09:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-18 09:40 - 2014-05-18 09:40 - 01325827 _____ () C:\Users\Median\Desktop\AdwCleaner.exe
2014-05-18 09:38 - 2014-05-18 09:38 - 00003669 _____ () C:\Users\Median\Desktop\JRT.txt
2014-05-18 09:34 - 2014-05-18 09:34 - 01016261 _____ (Thisisu) C:\Users\Median\Desktop\JRT.exe
2014-05-18 09:34 - 2014-05-18 09:34 - 00000000 ____D () C:\Windows\ERUNT
2014-05-17 09:20 - 2014-05-18 10:16 - 00000000 ____D () C:\FRST
2014-05-15 17:47 - 2014-05-15 17:47 - 00000000 ____H () C:\Users\Median\Documents\Default.rdp
2014-05-14 18:27 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 18:27 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 18:27 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 18:27 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 18:27 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 18:27 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 18:14 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 18:14 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 18:14 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 18:14 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 18:14 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 18:14 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 18:14 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 18:14 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 18:14 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 18:14 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 18:14 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 18:14 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 18:14 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 18:14 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 18:13 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 18:13 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 18:13 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 18:13 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 18:13 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 18:13 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 18:13 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 18:13 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 18:13 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 18:13 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 18:13 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 18:13 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 18:13 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 18:13 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 18:13 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 18:13 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 18:13 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 18:13 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 18:13 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 18:13 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 18:13 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 11:22 - 2014-05-11 11:22 - 02525416 _____ () C:\Users\Median\Downloads\EJM Ultimate Resource Pack.zip
2014-05-11 11:21 - 2014-05-11 11:22 - 10966842 _____ () C:\Users\Median\Downloads\Epic Jump Map Ultimate Fix.zip
2014-05-11 11:12 - 2014-05-11 11:13 - 13968067 _____ () C:\Users\Median\Downloads\Little Timmys Birthday Adventure.zip
2014-05-11 10:53 - 2014-05-11 10:53 - 02721096 _____ () C:\Users\Median\Downloads\Abducted by the Taco.zip
2014-05-11 10:36 - 2014-05-11 10:37 - 16466175 _____ () C:\Users\Median\Downloads\The Lost Potato by ICrafting_ v1.2.5.zip
2014-05-10 18:13 - 2014-05-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 18:03 - 2014-05-10 18:04 - 08530545 _____ () C:\Users\Median\Downloads\The Evil Doctors Castle.zip
2014-05-07 19:07 - 2014-05-07 19:07 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-07 19:07 - 2014-05-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-07 19:06 - 2014-05-18 10:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 19:06 - 2014-05-18 09:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 19:06 - 2014-05-18 09:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 19:06 - 2014-05-18 09:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 19:06 - 2014-05-07 19:06 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup(1).exe
2014-05-07 19:05 - 2014-05-07 19:05 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup.exe
2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieUserList
2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieSiteList
2014-05-07 18:52 - 2014-05-07 18:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 18:52 - 2014-05-07 18:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-07 18:51 - 2014-05-07 18:52 - 30818216 _____ (Oracle Corporation) C:\Users\Median\Downloads\jre-7u55-windows-x64.exe
2014-05-06 10:06 - 2014-05-14 18:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 19:07 - 2014-05-05 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{2993FA29-010B-49C0-A484-CE35B488583F}
2014-05-05 19:06 - 2014-05-05 19:06 - 01599241 _____ () C:\Users\Median\Downloads\fml-1.7.2-7.2.171.894-installer-win.exe
2014-05-04 15:15 - 2014-05-04 15:15 - 02269863 _____ () C:\Users\Median\Downloads\forge-1.6.4-9.11.1.965-installer.jar
2014-05-04 14:51 - 2014-05-04 14:51 - 00000000 ____D () C:\Users\Median\AppData\Roaming\FML
2014-05-04 14:48 - 2014-05-04 14:48 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (2).jar
2014-05-04 14:47 - 2014-05-04 14:47 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (1).jar
2014-05-04 14:46 - 2014-05-04 14:46 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787.jar
2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\Users\Median\AppData\Local\Packages
2014-05-04 14:40 - 2014-05-18 09:30 - 00000000 ____D () C:\ProgramData\MiniApp
2014-05-04 14:40 - 2014-05-11 10:44 - 00000000 ____D () C:\ProgramData\504c2cf8db11ac3b
2014-05-04 14:40 - 2014-05-04 14:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator
2014-04-29 21:15 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 21:15 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 21:15 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 21:15 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 21:15 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 21:15 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 21:15 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 21:15 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 21:15 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 21:15 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 21:15 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 21:15 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 21:15 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 21:15 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 21:15 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 21:15 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-29 21:15 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-29 21:15 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-29 21:15 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 21:15 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 21:15 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-29 21:15 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-29 21:15 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-29 21:15 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 21:15 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-29 21:15 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-29 21:15 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-29 21:15 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-29 21:15 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 21:15 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-29 21:15 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 21:15 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-29 21:15 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-29 21:15 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 21:15 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-29 21:15 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-29 21:15 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-29 21:15 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 21:15 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-29 21:15 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 21:15 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-29 21:15 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-29 21:15 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-29 21:14 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-27 12:17 - 2014-04-27 12:19 - 00000000 ____D () C:\Users\Median\Downloads\Instances
2014-04-27 12:17 - 2014-04-27 12:18 - 00000000 ____D () C:\Users\Median\Downloads\Configs
2014-04-27 12:17 - 2014-04-27 12:17 - 00778192 _____ () C:\Users\Median\Downloads\ATLauncher (1).exe
2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Servers
2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Backups
2014-04-27 12:14 - 2014-05-10 17:54 - 00000000 ____D () C:\Users\Median\Downloads\authlib
2014-04-27 12:14 - 2014-04-27 12:14 - 00000000 _____ () C:\Users\Median\Downloads\FTBOSSent1.3.8.txt
2014-04-26 20:36 - 2014-04-26 20:36 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-26 20:36 - 2014-04-26 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-26 20:36 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-26 20:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-26 20:36 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-26 20:36 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
==================== One Month Modified Files and Folders =======
2014-05-18 10:16 - 2014-05-17 09:20 - 00000000 ____D () C:\FRST
2014-05-18 10:10 - 2014-05-18 09:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 10:08 - 2014-05-07 19:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 10:08 - 2014-02-25 14:44 - 00162154 _____ () C:\Windows\PFRO.log
2014-05-18 10:08 - 2014-02-11 20:58 - 00023106 _____ () C:\Windows\setupact.log
2014-05-18 10:08 - 2012-07-26 17:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-18 10:08 - 2012-07-26 17:14 - 01095579 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 10:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 09:57 - 2009-07-14 05:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 09:57 - 2009-07-14 05:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 09:53 - 2014-05-18 09:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 09:53 - 2014-05-18 09:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-18 09:53 - 2014-05-18 09:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 09:52 - 2014-05-18 09:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Median\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-18 09:50 - 2014-05-18 09:50 - 00006728 _____ () C:\Users\Median\Desktop\AdwCleaner[S1].txt
2014-05-18 09:49 - 2014-05-07 19:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 09:48 - 2014-02-11 20:23 - 00000000 ____D () C:\AdwCleaner
2014-05-18 09:46 - 2014-05-18 09:46 - 264417340 _____ () C:\Users\Median\Desktop\backup.reg
2014-05-18 09:43 - 2014-05-07 19:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 09:43 - 2014-05-07 19:06 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-18 09:40 - 2014-05-18 09:40 - 01325827 _____ () C:\Users\Median\Desktop\AdwCleaner.exe
2014-05-18 09:38 - 2014-05-18 09:38 - 00003669 _____ () C:\Users\Median\Desktop\JRT.txt
2014-05-18 09:34 - 2014-05-18 09:34 - 01016261 _____ (Thisisu) C:\Users\Median\Desktop\JRT.exe
2014-05-18 09:34 - 2014-05-18 09:34 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 09:32 - 2013-01-12 18:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 09:30 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\MiniApp
2014-05-18 09:29 - 2013-11-25 20:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-18 09:27 - 2013-12-10 17:06 - 00000128 _____ () C:\Windows\WININIT.INI
2014-05-18 09:27 - 2013-11-25 20:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-17 19:59 - 2012-07-26 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-17 12:09 - 2012-08-06 19:08 - 00000000 ___RD () C:\Users\Median\Desktop\Games
2014-05-17 11:06 - 2013-12-09 20:03 - 00000000 ____D () C:\Users\Median\AppData\Local\Battle.net
2014-05-16 13:32 - 2013-01-12 18:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 13:32 - 2012-08-11 17:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 13:32 - 2011-12-01 22:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 12:46 - 2012-12-22 14:28 - 00000000 ____D () C:\Users\Median\AppData\Roaming\jEdit
2014-05-15 17:47 - 2014-05-15 17:47 - 00000000 ____H () C:\Users\Median\Documents\Default.rdp
2014-05-15 16:36 - 2009-07-14 03:34 - 00000554 _____ () C:\Windows\win.ini
2014-05-14 20:21 - 2014-05-10 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 20:21 - 2012-07-27 09:25 - 00000000 ____D () C:\Users\Median\AppData\Roaming\Mozilla
2014-05-14 18:47 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 18:35 - 2014-05-06 10:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 18:27 - 2013-08-14 10:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 18:26 - 2011-07-18 21:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 17:44 - 2014-01-21 19:36 - 00000000 ____D () C:\Users\Median\Downloads\MagicFarm2
2014-05-11 11:44 - 2012-07-26 18:16 - 00000000 ____D () C:\Users\Median\AppData\Roaming\.minecraft
2014-05-11 11:22 - 2014-05-11 11:22 - 02525416 _____ () C:\Users\Median\Downloads\EJM Ultimate Resource Pack.zip
2014-05-11 11:22 - 2014-05-11 11:21 - 10966842 _____ () C:\Users\Median\Downloads\Epic Jump Map Ultimate Fix.zip
2014-05-11 11:13 - 2014-05-11 11:12 - 13968067 _____ () C:\Users\Median\Downloads\Little Timmys Birthday Adventure.zip
2014-05-11 10:53 - 2014-05-11 10:53 - 02721096 _____ () C:\Users\Median\Downloads\Abducted by the Taco.zip
2014-05-11 10:44 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\504c2cf8db11ac3b
2014-05-11 10:37 - 2014-05-11 10:36 - 16466175 _____ () C:\Users\Median\Downloads\The Lost Potato by ICrafting_ v1.2.5.zip
2014-05-10 18:04 - 2014-05-10 18:03 - 08530545 _____ () C:\Users\Median\Downloads\The Evil Doctors Castle.zip
2014-05-10 17:54 - 2014-04-27 12:14 - 00000000 ____D () C:\Users\Median\Downloads\authlib
2014-05-10 17:54 - 2013-01-06 11:13 - 00000000 ____D () C:\Users\Median\AppData\Roaming\ftblauncher
2014-05-09 15:55 - 2013-12-09 20:04 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-09 07:14 - 2014-05-14 18:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 07:11 - 2014-05-14 18:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 19:09 - 2014-03-12 21:14 - 00000000 ____D () C:\Users\Median\AppData\Local\Windows Live
2014-05-07 19:07 - 2014-05-07 19:07 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-07 19:07 - 2014-05-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-07 19:07 - 2012-07-26 17:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-07 19:06 - 2014-05-07 19:06 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup(1).exe
2014-05-07 19:05 - 2014-05-07 19:05 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup.exe
2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieUserList
2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieSiteList
2014-05-07 18:52 - 2014-05-07 18:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 18:52 - 2014-05-07 18:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-07 18:52 - 2014-05-07 18:51 - 30818216 _____ (Oracle Corporation) C:\Users\Median\Downloads\jre-7u55-windows-x64.exe
2014-05-07 18:41 - 2013-06-30 10:05 - 00000000 ____D () C:\Users\Median\AppData\Roaming\.technic
2014-05-06 18:28 - 2013-06-18 19:06 - 00000000 ____D () C:\Users\Median\AppData\Local\Unity
2014-05-06 14:16 - 2009-07-14 06:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 05:40 - 2014-05-14 18:27 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:17 - 2014-05-14 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:25 - 2014-05-14 18:27 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 04:07 - 2014-05-14 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 04:00 - 2014-05-14 18:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 03:10 - 2014-05-14 18:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 19:07 - 2014-05-05 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{2993FA29-010B-49C0-A484-CE35B488583F}
2014-05-05 19:06 - 2014-05-05 19:06 - 01599241 _____ () C:\Users\Median\Downloads\fml-1.7.2-7.2.171.894-installer-win.exe
2014-05-05 14:32 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-04 15:15 - 2014-05-04 15:15 - 02269863 _____ () C:\Users\Median\Downloads\forge-1.6.4-9.11.1.965-installer.jar
2014-05-04 14:53 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-04 14:51 - 2014-05-04 14:51 - 00000000 ____D () C:\Users\Median\AppData\Roaming\FML
2014-05-04 14:48 - 2014-05-04 14:48 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (2).jar
2014-05-04 14:47 - 2014-05-04 14:47 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (1).jar
2014-05-04 14:46 - 2014-05-04 14:46 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787.jar
2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\Users\Median\AppData\Local\Packages
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator
2014-05-04 14:40 - 2012-07-26 17:53 - 00000000 ____D () C:\Users\Median\AppData\Local\Google
2014-05-02 17:06 - 2013-12-09 20:02 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-30 17:12 - 2013-12-06 20:06 - 00000000 ____D () C:\Users\Median\Desktop\bat
2014-04-30 08:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-29 19:00 - 2012-07-27 13:19 - 00000000 ____D () C:\Users\Median\AppData\Local\ArmA 2 OA
2014-04-27 12:19 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Instances
2014-04-27 12:18 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Configs
2014-04-27 12:17 - 2014-04-27 12:17 - 00778192 _____ () C:\Users\Median\Downloads\ATLauncher (1).exe
2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Servers
2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Backups
2014-04-27 12:14 - 2014-04-27 12:14 - 00000000 _____ () C:\Users\Median\Downloads\FTBOSSent1.3.8.txt
2014-04-26 20:36 - 2014-04-26 20:36 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-26 20:36 - 2014-04-26 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-26 20:36 - 2013-10-22 18:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-26 20:36 - 2013-06-28 11:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-22 18:11 - 2013-12-22 11:41 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
Files to move or delete:
====================
C:\Users\Median\jagex_cl_runescape_LIVE.dat
C:\Users\Median\random.dat
C:\Users\Public\AlexaNSISPlugin.4588.dll
Some content of TEMP:
====================
C:\Users\Median\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2014-05-14 18:14] - [2014-03-04 10:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-23 14:29
==================== End Of Log ============================
Thanks again for the help.