Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I have a trojan virus. [Solved]

Started by Dohnovan , Jan 15 2015 01:41 AM

  • This topic is locked This topic is locked

#16
ruggie_uk
Posted 16 January 2015 - 02:49 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Thanks - how is your computer behaving now?

 

Let's take another FRST look to see what is left (if anything) and we can remove IObit traces.

 

Supplemental FRST Scan
Please run FRST/FRST64 again from your Desktop. If you do not currently have it on your system, download it from here and save it to your desktop.

  • Right click frst.png to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

 


  • 0

Advertisements

#17
Dohnovan
Posted 16 January 2015 - 03:25 AM

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

I still have some stuff from earlier in Quarantine, and I didn't remove the stuff found with the last scan like I was told. My computer is still pretty slow. I also thought I would mention the profile is still there, and I will get the scan done right now!


  • 0

#18
Dohnovan
Posted 16 January 2015 - 03:27 AM

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Jennifer (administrator) on JENNIFER-PC on 16-01-2015 02:25:44
Running from C:\Users\Jennifer\Desktop
Loaded Profiles: Jennifer (Available profiles: Jennifer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2015-01-13] (NCSOFT Corporation)
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\Run: [Google Update] => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-17] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-31] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Jennifer\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tiancity.com/NxGame -> C:\ProgramData\Tiancity\NGM\npNxGameCN.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: @talk.google.com/O1DPlugin -> C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3796663202-1426937064-2068174289-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jennifer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jennifer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Gmail) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S2 PCloudCleanerService; C:\Windows\SysWOW64\PCloudCleanerService.EXE [93152 2013-10-04] (Panda Security S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX™)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 00:49 - 2015-01-16 00:49 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-01-16 00:48 - 2015-01-16 00:48 - 02178048 _____ (Reason Software Company Inc.) C:\Users\Jennifer\Downloads\ShouldIRemoveIt_Setup.exe
2015-01-16 00:48 - 2015-01-16 00:48 - 00001273 _____ () C:\Users\Jennifer\Desktop\Should I Remove It.lnk
2015-01-16 00:48 - 2015-01-16 00:48 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2015-01-16 00:48 - 2015-01-16 00:48 - 00000000 ____D () C:\Program Files (x86)\Reason
2015-01-15 16:56 - 2015-01-15 16:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-15 16:55 - 2015-01-15 16:56 - 02347384 _____ (ESET) C:\Users\Jennifer\Downloads\esetsmartinstaller_enu.exe
2015-01-15 16:47 - 2015-01-15 16:47 - 00001578 _____ () C:\Users\Jennifer\Desktop\scarystuff.txt
2015-01-15 16:26 - 2015-01-15 16:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 16:26 - 2015-01-15 16:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-15 16:26 - 2015-01-15 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-15 16:26 - 2015-01-15 16:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-15 16:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-15 16:26 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 16:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 16:25 - 2015-01-15 16:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 16:23 - 2015-01-15 16:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jennifer\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-15 15:54 - 2015-01-15 16:18 - 00000000 ____D () C:\AdwCleaner
2015-01-15 15:54 - 2015-01-15 15:54 - 02191360 _____ () C:\Users\Jennifer\Desktop\AdwCleaner.exe
2015-01-15 15:52 - 2015-01-15 15:52 - 00001837 _____ () C:\Users\Jennifer\Desktop\JRT.txt
2015-01-15 15:49 - 2015-01-15 15:49 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 15:47 - 2015-01-15 15:48 - 01707939 _____ (Thisisu) C:\Users\Jennifer\Desktop\JRT.exe
2015-01-15 14:27 - 2015-01-15 14:27 - 00073318 _____ () C:\Users\Jennifer\Desktop\Shortcut.txt
2015-01-15 14:27 - 2015-01-15 14:27 - 00025514 _____ () C:\Users\Jennifer\Desktop\Addition.txt
2015-01-15 14:26 - 2015-01-16 02:25 - 00013180 _____ () C:\Users\Jennifer\Desktop\FRST.txt
2015-01-15 14:24 - 2015-01-15 14:24 - 02125312 _____ (Farbar) C:\Users\Jennifer\Downloads\FRST64 (1).exe
2015-01-15 14:22 - 2015-01-16 02:25 - 00000000 ____D () C:\FRST
2015-01-15 14:22 - 2015-01-15 14:22 - 02125312 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe
2015-01-14 22:53 - 2015-01-14 22:53 - 00000000 ____D () C:\Users\Jennifer\Desktop\New folder
2015-01-14 21:34 - 2015-01-14 21:34 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-14 16:38 - 2015-01-14 16:38 - 00001584 _____ () C:\Windows\CompatibilityIssues.txt
2015-01-14 15:50 - 2015-01-14 16:40 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-14 15:50 - 2015-01-14 16:40 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-14 13:23 - 2015-01-14 13:23 - 00002378 _____ () C:\Users\mnmojcotiuu\Documents\MumbleAutomaticCertificateBackup.p12
2015-01-14 13:22 - 2015-01-14 13:23 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\Mumble
2015-01-14 13:04 - 2015-01-14 13:05 - 00000025 _____ () C:\Users\mnmojcotiuu\Desktop\SKYPE ME.txt
2015-01-14 13:01 - 2015-01-14 13:01 - 00112472 _____ () C:\Users\mnmojcotiuu\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 12:54 - 2015-01-14 12:54 - 00000398 _____ () C:\Users\mnmojcotiuu\Desktop\Read this please! I want you to understand!.txt
2015-01-14 12:43 - 2015-01-14 12:43 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\IObit
2015-01-14 12:43 - 2015-01-14 12:43 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Local\Skype
2015-01-14 12:42 - 2015-01-14 13:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\Skype
2015-01-14 12:39 - 2015-01-14 12:39 - 01661128 _____ (ESET) C:\Users\mnmojcotiuu\Downloads\eset_smart_security_live_installer.exe
2015-01-14 12:33 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\ProductData
2015-01-14 12:33 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\Adobe
2015-01-14 12:33 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Local\Razer
2015-01-14 12:33 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Local\Google
2015-01-14 12:32 - 2015-01-14 12:33 - 00000000 ____D () C:\Users\mnmojcotiuu
2015-01-14 12:32 - 2015-01-14 12:32 - 00000020 ___SH () C:\Users\mnmojcotiuu\ntuser.ini
2015-01-14 12:32 - 2015-01-14 12:32 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Local\VirtualStore
2015-01-14 12:32 - 2013-09-12 09:45 - 00000000 ____D () C:\Users\mnmojcotiuu\AppData\Roaming\TuneUp Software
2015-01-14 12:32 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-14 12:32 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\mnmojcotiuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-14 12:24 - 2015-01-14 12:24 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\ESET
2015-01-14 12:24 - 2015-01-14 12:24 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\ESET
2015-01-14 12:08 - 2015-01-14 12:08 - 01661128 _____ (ESET) C:\Users\Jennifer\Downloads\eset_smart_security_live_installer.exe
2015-01-14 11:57 - 2015-01-14 12:09 - 00000247 _____ () C:\Windows\system32\2015-01-14-18-57-29.098-aswFe.exe-1532.log
2015-01-14 11:57 - 2015-01-14 11:57 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-57-22.010-AvastVBoxSVC.exe-4784.log
2015-01-14 11:23 - 2015-01-14 11:23 - 00511633 _____ () C:\Users\Jennifer\Downloads\Autoruns.zip
2015-01-14 11:23 - 2015-01-14 11:23 - 00000000 ____D () C:\Users\Jennifer\Downloads\Autoruns
2015-01-14 11:08 - 2015-01-15 16:19 - 00002404 _____ () C:\Windows\setupact.log
2015-01-14 11:08 - 2015-01-14 16:33 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 11:04 - 2015-01-15 16:18 - 00820690 _____ () C:\Windows\PFRO.log
2015-01-14 10:48 - 2015-01-14 10:48 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-14 10:48 - 2015-01-14 10:48 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-14 10:40 - 2015-01-14 10:41 - 04978536 _____ (AVAST Software) C:\Users\Jennifer\Downloads\avast_premier_antivirus_setup_online.exe
2015-01-14 10:25 - 2015-01-14 13:08 - 00000000 ____D () C:\ProgramData\fhciaaehadeekancjplcmndhgjofifnn
2015-01-14 10:21 - 2015-01-14 10:21 - 69275648 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-01-14 10:21 - 2015-01-14 10:21 - 00344064 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-01-14 10:21 - 2015-01-14 10:21 - 00028672 _____ () C:\Windows\system32\config\SAM.iobit
2015-01-14 10:21 - 2015-01-14 10:21 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-01-14 10:15 - 2015-01-14 13:09 - 00000000 ____D () C:\ProgramData\oknkhljlbonlgiegffbbpibnmjljpnbg
2015-01-14 10:10 - 2015-01-14 10:10 - 05948937 _____ () C:\Users\Jennifer\Downloads\ATMoP.zip
2015-01-13 22:57 - 2015-01-13 22:58 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (12).exe
2015-01-13 22:48 - 2015-01-13 22:48 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (11).exe
2015-01-13 22:43 - 2015-01-13 22:43 - 02460206 _____ () C:\Users\Jennifer\Downloads\GamezAion Files 4.5.0.27.rar
2015-01-13 22:34 - 2015-01-13 22:34 - 02082501 _____ () C:\Users\Jennifer\Downloads\Gamez Aion Installer (3).exe
2015-01-13 22:30 - 2015-01-13 22:30 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (10).exe
2015-01-13 22:28 - 2015-01-13 22:28 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (9).exe
2015-01-13 22:25 - 2015-01-13 22:25 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (8).exe
2015-01-13 22:21 - 2015-01-13 22:21 - 02082501 _____ () C:\Users\Jennifer\Downloads\Gamez Aion Installer (2).exe
2015-01-13 22:17 - 2015-01-13 22:17 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (7).exe
2015-01-13 22:10 - 2015-01-13 22:11 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (6).exe
2015-01-13 22:09 - 2015-01-13 22:09 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (5).exe
2015-01-13 22:07 - 2015-01-13 22:07 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (4).exe
2015-01-13 22:02 - 2015-01-13 22:02 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (3).exe
2015-01-13 21:51 - 2015-01-13 21:51 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (2).exe
2015-01-13 21:48 - 2015-01-13 21:48 - 02082501 _____ () C:\Users\Jennifer\Downloads\Gamez Aion Installer (1).exe
2015-01-13 21:47 - 2015-01-13 21:47 - 02082501 _____ () C:\Users\Jennifer\Downloads\Gamez Aion Installer.exe
2015-01-13 21:46 - 2015-01-13 21:46 - 05003264 _____ (NC Interactive, LLC) C:\Users\Jennifer\Downloads\AionInstaller (1).exe
2015-01-13 12:15 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:15 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:15 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 12:15 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 12:15 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 12:15 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 12:15 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 12:15 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 12:15 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:15 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:15 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:15 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:15 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 22:31 - 2015-01-09 22:31 - 00001990 _____ () C:\Users\Public\Desktop\TERA Launcher.lnk
2015-01-09 22:31 - 2015-01-09 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment
2015-01-09 22:30 - 2015-01-09 22:42 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\TERA
2015-01-09 22:30 - 2015-01-09 22:30 - 00000000 ____D () C:\Users\Public\Games
2015-01-09 22:24 - 2015-01-09 22:24 - 28742344 _____ (En Masse Entertainment) C:\Users\Jennifer\Downloads\TERA-Minimal-Setup.exe
2015-01-09 14:55 - 2015-01-12 15:46 - 00000000 ____D () C:\Users\Jennifer\Downloads\World of Warcraft - 3.3.5a (12340) - enUS (No Install)
2015-01-09 14:55 - 2015-01-09 14:55 - 00185687 _____ () C:\Users\Jennifer\Downloads\World of Warcraft - 3.3.5a (12340) - enUS (No Install) (1).torrent
2015-01-09 14:54 - 2015-01-09 14:54 - 00185687 _____ () C:\Users\Jennifer\Downloads\World of Warcraft - 3.3.5a (12340) - enUS (No Install).torrent
2015-01-09 14:49 - 2015-01-09 14:50 - 20359976 _____ () C:\Users\Jennifer\Downloads\WoW434S.rar
2015-01-07 22:41 - 2015-01-07 22:49 - 00002139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Arcadia PVE Runes of Magic.lnk
2015-01-07 22:41 - 2015-01-07 22:49 - 00002133 _____ () C:\Users\Public\Desktop\Arcadia PVE Runes of Magic.lnk
2015-01-07 22:36 - 2015-01-07 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arcadia PVE Runes of Magic
2015-01-07 22:36 - 2015-01-07 22:36 - 00000000 ____D () C:\Program Files (x86)\Arcadia PVE Runes of Magic
2015-01-07 22:25 - 2015-01-07 22:25 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-07 22:25 - 2015-01-07 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-07 22:25 - 2015-01-07 22:25 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-07 22:24 - 2015-01-07 22:23 - 01941064 _____ () C:\Users\Jennifer\Downloads\winrar520.exe
2015-01-07 22:13 - 2015-01-07 22:18 - 3393974537 _____ () C:\Users\Jennifer\Downloads\ArcadiaPVE6.2.rar
2015-01-07 21:21 - 2015-01-07 21:21 - 00029025 _____ () C:\Users\Jennifer\Downloads\arcadiarom_[Isohunt.to].torrent
2015-01-05 19:47 - 2015-01-05 19:47 - 00001034 _____ () C:\Users\Public\Desktop\ROM PVP.lnk
2015-01-05 19:47 - 2015-01-05 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROM PVP
2015-01-05 19:28 - 2015-01-07 16:03 - 00000000 ____D () C:\Program Files (x86)\ROM PVP
2015-01-05 18:14 - 2015-01-05 19:24 - 00000000 ____D () C:\Users\Jennifer\Downloads\6.0.2.2662.en_Rompvp_full_setup
2015-01-05 17:42 - 2015-01-05 18:06 - 895606659 ____R () C:\Users\Jennifer\Downloads\6.0.2.2662.en_Rompvp_full_setup.zip
2015-01-05 17:41 - 2015-01-05 17:41 - 00091156 _____ () C:\Users\Jennifer\Downloads\6.0.2.2662.en_Rompvp_full_setup.torrent
2015-01-04 20:39 - 2015-01-04 20:39 - 00000023 _____ () C:\Users\Jennifer\Downloads\_settings.ini
2015-01-04 19:31 - 2015-01-04 20:37 - 00000000 ____D () C:\Users\Jennifer\Downloads\_update_status
2015-01-04 19:30 - 2015-01-04 19:30 - 04802048 _____ () C:\Users\Jennifer\Downloads\MonkeyDynastyLauncher.exe
2015-01-04 18:58 - 2015-01-04 18:58 - 01009444 _____ () C:\Users\Jennifer\Downloads\MonkeyDynastyDownloader (1).exe
2015-01-04 18:56 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monkey Dynasty
2015-01-04 18:56 - 2015-01-04 18:56 - 01009444 _____ () C:\Users\Jennifer\Downloads\MonkeyDynastyDownloader.exe
2015-01-04 18:39 - 2015-01-04 18:39 - 00145196 _____ () C:\Users\Jennifer\Downloads\MonkeyDynasty_Client (1).torrent
2015-01-04 18:28 - 2015-01-04 18:28 - 00145196 _____ () C:\Users\Jennifer\Downloads\MonkeyDynasty_Client.torrent
2015-01-02 10:01 - 2015-01-03 09:15 - 00000000 ____D () C:\Users\Jennifer\.ultimatescape
2015-01-02 09:56 - 2015-01-02 09:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-02 09:56 - 2015-01-02 09:56 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-02 09:55 - 2015-01-02 09:56 - 00638888 _____ (Oracle Corporation) C:\Users\Jennifer\Downloads\chromeinstall-8u25.exe
2014-12-28 16:34 - 2014-12-28 16:34 - 00035215 _____ () C:\Users\Jennifer\Downloads\Tera_Installer.torrent
2014-12-28 13:56 - 2014-12-28 13:56 - 05948937 _____ () C:\Users\Jennifer\Downloads\ATMoP (1).zip
2014-12-28 05:07 - 2015-01-14 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-28 05:06 - 2014-12-28 05:07 - 20192000 _____ (Gameforge ) C:\Users\Jennifer\Downloads\RunesOfMagic_GameforgeLiveSetup_EN.exe
2014-12-25 17:43 - 2014-12-25 17:43 - 00002406 _____ () C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-12-25 17:43 - 2014-12-25 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2014-12-25 17:43 - 2014-12-25 17:43 - 00000000 ____D () C:\Program Files (x86)\SquareEnix
2014-12-25 17:41 - 2014-12-25 17:41 - 112206656 _____ (SQUARE ENIX CO., LTD.) C:\Users\Jennifer\Downloads\ffxivsetup_ft.exe
2014-12-23 21:45 - 2014-12-23 21:45 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-12-23 21:26 - 2014-12-23 21:26 - 05040384 ____N (AVAST Software) C:\Users\Jennifer\Desktop\avastclear.exe
2014-12-23 07:44 - 2014-12-23 07:44 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\ZMR
2014-12-19 00:04 - 2014-12-19 00:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-19 00:04 - 2014-12-19 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-19 00:04 - 2014-12-19 00:04 - 00000000 ____D () C:\Program Files\Java
2014-12-19 00:02 - 2014-12-19 00:03 - 92658088 _____ (Oracle Corporation) C:\Users\Jennifer\Downloads\jre-8u25-windows-x64.exe
2014-12-18 23:31 - 2014-12-18 23:31 - 00001072 _____ () C:\Users\Jennifer\AppData\Local\Local - Shortcut.lnk
2014-12-18 23:16 - 2014-12-18 23:16 - 00000000 ____D () C:\ArcheAge0
2014-12-18 20:54 - 2015-01-10 18:11 - 00000000 ____D () C:\Users\Jennifer\Documents\ArcheAge
2014-12-18 17:44 - 2014-12-18 17:44 - 00002966 _____ () C:\Windows\System32\Tasks\{422FF63E-5445-4D5F-9683-7F403EF71BE4}
2014-12-18 10:53 - 2014-12-18 10:53 - 00002966 _____ () C:\Windows\System32\Tasks\{A7D6ED4C-9E53-41AC-A275-396D94C3DF37}
2014-12-18 10:52 - 2014-12-18 10:52 - 00002966 _____ () C:\Windows\System32\Tasks\{DF76B1F9-3101-4848-B770-C5A449D86117}
2014-12-18 03:55 - 2014-12-18 11:25 - 00000000 ____D () C:\Program Files (x86)\Diablo III Public Test
2014-12-18 03:55 - 2014-12-18 03:55 - 00001310 _____ () C:\Users\Public\Desktop\Diablo III Public Test.lnk
2014-12-18 03:55 - 2014-12-18 03:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-12-18 02:59 - 2014-11-17 14:37 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2014-12-18 02:58 - 2014-10-31 16:27 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-12-18 02:26 - 2014-12-18 02:26 - 31708272 _____ (Trion Worlds Inc.) C:\Users\Jennifer\Downloads\GlyphInstall.exe
2014-12-17 23:54 - 2014-12-17 23:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Jennifer\Downloads\dxwebsetup.exe
2014-12-17 22:21 - 2014-12-17 22:21 - 00002966 _____ () C:\Windows\System32\Tasks\{F880F727-B8E2-40D3-9D6A-EE19EB46DD19}
2014-12-17 22:20 - 2014-12-17 22:20 - 00002966 _____ () C:\Windows\System32\Tasks\{D1216D47-624B-44C3-801F-547FC9494A31}
2014-12-17 22:19 - 2014-12-17 22:19 - 00002966 _____ () C:\Windows\System32\Tasks\{BD50D5B9-3F95-459C-80F7-B9617ABB36C3}
2014-12-17 22:18 - 2014-12-17 22:18 - 00002966 _____ () C:\Windows\System32\Tasks\{5191FA3E-3FFE-439C-B697-E457C01E90C0}
2014-12-17 20:07 - 2014-12-17 20:07 - 00002966 _____ () C:\Windows\System32\Tasks\{9BBCC007-61D2-4A85-A23C-4695B17A9D6E}
2014-12-17 20:06 - 2014-12-17 20:06 - 00002966 _____ () C:\Windows\System32\Tasks\{EC591D39-E54C-48F9-ADDD-1A302B8AE815}
2014-12-17 20:06 - 2014-12-17 20:06 - 00002966 _____ () C:\Windows\System32\Tasks\{6A2C7DE8-D2DF-4AB8-AECA-A0099B0648A8}
2014-12-17 19:34 - 2014-12-17 19:34 - 00880784 _____ (Google Inc.) C:\Users\Jennifer\Downloads\GoogleVoiceAndVideoSetup (1).exe
2014-12-17 19:33 - 2015-01-16 01:38 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000UA.job
2014-12-17 19:33 - 2015-01-15 19:38 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000Core.job
2014-12-17 19:33 - 2014-12-17 19:33 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000UA
2014-12-17 19:33 - 2014-12-17 19:33 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3796663202-1426937064-2068174289-1000Core
2014-12-17 19:33 - 2014-12-17 19:33 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Mozilla
2014-12-17 19:32 - 2014-12-17 19:32 - 00880784 _____ (Google Inc.) C:\Users\Jennifer\Downloads\GoogleVoiceAndVideoSetup.exe
2014-12-17 16:12 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-12-17 16:12 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-12-17 15:55 - 2014-12-17 15:55 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-12-17 15:55 - 2014-12-17 15:55 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-17 14:53 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 14:53 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 02:22 - 2013-08-10 14:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 02:19 - 2013-07-29 08:48 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Skype
2015-01-16 00:52 - 2014-10-22 21:11 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-16 00:23 - 2013-07-29 00:56 - 01490661 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 16:27 - 2009-07-13 21:45 - 00015328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:27 - 2009-07-13 21:45 - 00015328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:24 - 2013-08-10 14:16 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-15 16:20 - 2013-10-15 19:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-15 16:19 - 2014-01-28 19:05 - 00000194 _____ () C:\Windows\SysWOW64\PCloudCleanerService.log
2015-01-15 16:19 - 2013-08-10 14:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 16:19 - 2013-07-29 00:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 16:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 15:39 - 2013-07-29 00:03 - 00000000 ____D () C:\Users\Jennifer
2015-01-14 16:33 - 2013-11-18 14:42 - 00000000 ____D () C:\Program Files (x86)\NCsoft
2015-01-14 16:33 - 2013-07-29 00:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 16:32 - 2013-07-29 00:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 16:30 - 2013-08-16 09:05 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\uTorrent
2015-01-14 12:42 - 2014-09-20 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-14 12:42 - 2014-03-24 01:46 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-14 12:42 - 2013-07-29 08:48 - 00000000 ____D () C:\ProgramData\Skype
2015-01-14 12:33 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-14 10:46 - 2014-08-12 17:30 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Mumble
2015-01-14 10:26 - 2013-11-18 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamez Aion
2015-01-14 03:06 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2013-07-29 07:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 00:41 - 2014-12-14 00:11 - 00001408 _____ () C:\Users\Jennifer\AppData\Roaming\BreakingPoint_Options.ini
2015-01-13 23:57 - 2014-12-14 00:11 - 00000299 _____ () C:\Users\Jennifer\AppData\Roaming\BreakingPoint_Login.ini
2015-01-13 23:57 - 2014-12-14 00:05 - 00000000 ____D () C:\Breaking Point
2015-01-13 22:49 - 2013-11-18 14:49 - 00000000 ____D () C:\Program Files (x86)\NCWest
2015-01-13 22:18 - 2013-11-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2015-01-13 21:53 - 2014-04-10 09:16 - 00000000 ____D () C:\Users\Jennifer\Downloads\Gameforge Live
2015-01-11 00:12 - 2014-10-25 22:30 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-10 23:51 - 2014-10-22 21:12 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-10 23:01 - 2014-09-06 19:23 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-01-10 19:44 - 2013-10-15 19:39 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-10 12:24 - 2013-09-11 19:29 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\TS3Client
2015-01-09 01:04 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 14:56 - 2014-04-10 11:49 - 00000858 _____ () C:\Windows\client.config.ini
2015-01-06 04:36 - 2013-07-29 00:17 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 22:53 - 2014-04-10 11:26 - 00000000 ___HD () C:\Users\Jennifer\Documents\Runes of Magic
2015-01-05 19:38 - 2014-11-24 21:51 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Arma 3
2014-12-31 14:28 - 2014-02-10 12:46 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Battle.net
2014-12-28 14:03 - 2013-12-20 12:40 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-25 17:42 - 2013-12-17 19:13 - 00000000 ____D () C:\Users\Jennifer\Documents\My Games
2014-12-24 03:46 - 2014-10-22 21:11 - 00000000 ____D () C:\ProgramData\IObit
2014-12-24 03:46 - 2014-10-22 21:08 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\IObit
2014-12-23 19:27 - 2013-08-24 19:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-23 19:27 - 2013-08-24 19:18 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-21 19:41 - 2013-07-29 08:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 00:04 - 2013-10-28 08:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-18 23:46 - 2014-09-06 19:23 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Glyph
2014-12-18 21:17 - 2014-09-06 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-18 13:28 - 2013-12-17 18:30 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-18 13:28 - 2013-12-17 18:29 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-12-18 13:23 - 2014-10-20 02:18 - 00000000 ____D () C:\Users\Public\entropia universe
2014-12-18 13:21 - 2014-03-27 19:04 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-12-18 11:26 - 2014-03-22 00:39 - 00000000 ____D () C:\Users\Jennifer\Documents\Diablo III
2014-12-18 03:48 - 2014-03-21 23:59 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-12-18 03:46 - 2013-08-21 17:37 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2014-12-18 03:40 - 2014-08-29 21:47 - 00000000 ____D () C:\ProgramData\Origin
2014-12-18 03:40 - 2014-08-29 21:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-18 03:08 - 2013-07-29 20:49 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Razer
2014-12-18 03:07 - 2014-05-03 23:01 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Spotify
2014-12-18 03:06 - 2014-05-03 23:01 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Spotify
2014-12-18 03:05 - 2013-07-29 09:29 - 00112472 _____ () C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-18 03:03 - 2009-07-13 21:45 - 00421552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-18 02:59 - 2013-07-29 20:48 - 00000000 ____D () C:\ProgramData\Razer
2014-12-18 02:59 - 2013-07-29 20:48 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-18 00:58 - 2014-02-10 12:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-17 19:33 - 2013-08-10 14:16 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Google
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 02:01
 
==================== End Of Log ============================

  • 0

#19
ruggie_uk
Posted 16 January 2015 - 04:25 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

It's ok we will deal with the quarantines and the errant files.

 

The only normal profile I can see on your machine is Jennifer that is currently logged in.

 

Which is the other profile you are referring to?


  • 0

#20
Dohnovan
Posted 16 January 2015 - 12:08 PM

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Mnmojcotiuu


  • 0

#21
Dohnovan
Posted 16 January 2015 - 12:10 PM

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

I went into the profile a few times and realized that all my stuff is in it. o_o


  • 0

#22
ruggie_uk
Posted 16 January 2015 - 12:18 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Is your stuff also in your current profile?


  • 0

#23
Dohnovan
Posted 16 January 2015 - 12:19 PM

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Some stuff is in the jennifer profile. I started snooping around the other profile and it has like ALL the shiz that's important.


  • 0

#24
ruggie_uk
Posted 16 January 2015 - 12:25 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Ok, for now copy the stuff back to your current profile.

Then we will remove all traces of it in the next fix.


  • 0

#25
Dohnovan
Posted 16 January 2015 - 12:30 PM

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

I don't know a safe/proper way to do that. How do I put this? The profile has a searches folder then in it is some crazy shiz I have never seen it has an everywhere saved search thing and a indexed locations saved searches. When I click on either there is over 200k folders/files and other shiz.


  • 0

Advertisements

#26
Dohnovan
Posted 16 January 2015 - 12:31 PM

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Sorry!


  • 0

#27
Dohnovan
Posted 16 January 2015 - 12:45 PM

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Did you see my message before sorry? I noticed you're watching this thread.


Edited by Dohnovan, 16 January 2015 - 12:51 PM.

  • 0

#28
ruggie_uk
Posted 16 January 2015 - 12:54 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Yes bear with me - I am looking at a few options


  • 0

#29
Dohnovan
Posted 16 January 2015 - 01:02 PM

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Sorry yet again! I did not consider that you were doing that. Thank you aswell!


  • 0

#30
ruggie_uk
Posted 16 January 2015 - 01:21 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Let's take a look in the folder. This may take a while to scan.

 

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.
 

  • Download the attached Attached File  fixlist.txt   213bytes   140 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

 

Items I need to see in your next post:

  • FRST Fixlog

 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP