View Full Version : Spybot not removing Somoto Better Installer
aranthrue
2014-03-20, 17:28
I found this (http://forums.spybot.info/showthread.php?69448-SB-doesn-t-remove-quot-Somoto-BetterInstaller-quot&highlight=somoto) thread from last year. I'm having the same problem. I have downloaded OTL and aswMBR and run them as described in this thread, and I have the results. Can I submit these to be looked at please?
Many thanks
Hi and welcome.
If you would, I'd like to see the log results for aswMBR.
Also
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
~~~~~~~~~~~~~~~~~~~~
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
(Use the correct version for your system. Which system am I using? (http://support.microsoft.com/kb/827218))
and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
aranthrue
2014-03-22, 18:07
Hello Juliet, and thanks for helping me. I'll post the requested logs in separate messages. This is the aswMBR log. Do you want the .dat file also?
aswMBR
===========================================================================
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-22 16:03:05
-----------------------------
16:03:05.254 OS Version: Windows x64 6.1.7601 Service Pack 1
16:03:05.255 Number of processors: 8 586 0x2A07
16:03:05.255 ComputerName: RICKY-PC UserName: Ricky
16:03:07.652 Initialize success
16:03:16.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:03:16.948 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
16:03:16.955 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:03:16.961 Disk 1 Vendor: ST950032 D005 Size: 476940MB BusType: 3
16:03:16.977 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\JMCR1Port1Path0Target0Lun0
16:03:16.986 Disk 2 Vendor: JMCR____ Size: 30436MB BusType: 0
16:03:17.098 Disk 0 MBR read successfully
16:03:17.108 Disk 0 MBR scan
16:03:17.117 Disk 0 Windows VISTA default MBR code
16:03:17.126 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
16:03:17.172 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
16:03:17.200 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456835 MB offset 41172992
16:03:17.245 Disk 0 scanning C:\Windows\system32\drivers
16:03:28.678 Service scanning
16:03:55.581 Modules scanning
16:03:55.843 Disk 0 trace - called modules:
16:03:55.882 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
16:03:55.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009615790]
16:03:55.914 3 CLASSPNP.SYS[fffff88000fcc43f] -> nt!IofCallDriver -> [0xfffffa800954dcb0]
16:03:55.929 5 stdcfltn.sys[fffff880016d5c52] -> nt!IofCallDriver -> [0xfffffa80077b4400]
16:03:55.943 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077b8050]
16:03:55.957 Scan finished successfully
16:04:49.557 Disk 0 MBR has been saved successfully to "C:\Users\Ricky\Desktop\MBR.dat"
16:04:49.568 The log file has been saved successfully to "C:\Users\Ricky\Desktop\aswMBR.txt"
aranthrue
2014-03-22, 18:12
Rkill ran and FRST also ran.
The FRST is too big. This is part 1
===============================================================================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ricky (administrator) on RICKY-PC on 22-03-2014 15:50:43
Running from C:\Users\Ricky\Desktop\New folder
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Spotify Ltd) C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-26] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7284328 2011-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-08-29] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2034752 2011-08-08] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462991 2010-06-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [DellSystemDetect] - C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [253952 2014-02-27] (Dell)
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [Google Update] - C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-10] (Google Inc.)
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [Windows-Audio-HD-Driver-Component] - C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe [64512 2013-12-01] (Simon Tatham)
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [Spotify Web Helper] - C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-27] (Spotify Ltd)
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\MountPoints2: {19b82ea9-a43b-11e1-9776-848f69d4b7b6} - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\MountPoints2: {297de788-eec3-11e1-a0fe-848f69d4b7b6} - G:\LaunchU3.exe -a
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\MountPoints2: {851200d3-54ed-11e2-b857-848f69d4b7b6} - G:\Startme.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {8AE39BE8-E198-4B5C-9DA4-49AF9C3DE02F} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {A3523B44-BA57-4500-8259-63E052EE59F4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {2F72DFC3-E470-4380-B7E0-B69CC342399C} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {A3523B44-BA57-4500-8259-63E052EE59F4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {D58CF460-165A-4AEB-81C0-2A35D9787E40} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
FireFox:
========
FF ProfilePath: C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default
FF user.js: detected! => C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\user.js
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.google.co.uk/
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=mcafee&type=A110GB105&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ricky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ricky\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ricky\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ricky\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Ricky\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ricky\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: DownloadHelper - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: Selenium IDE: C# Formatters - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\csharpformatters@seleniumhq.org.xpi [2014-02-21]
FF Extension: Selenium IDE: Java Formatters - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\javaformatters@seleniumhq.org.xpi [2014-02-21]
FF Extension: Selenium IDE: Python Formatters - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\pythonformatters@seleniumhq.org.xpi [2014-02-21]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\rubyformatters@seleniumhq.org.xpi [2014-02-21]
FF Extension: Selenium IDE - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2014-02-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-06-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2014-02-24]
CHR Extension: (Google Drive) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-25]
CHR Extension: (100,000 Books - Wattpad) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbiianmgbopnpohjfbkmdjmmdlndjfj [2014-02-24]
CHR Extension: (YouTube) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-25]
CHR Extension: (McAfee Security Scan+) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-24]
CHR Extension: (FTP Editor) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljonifjecojdgoejokjfdffgpgliic [2014-02-24]
CHR Extension: (Background Image for Google™ Homepage) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedihplmdadkgmhdlblolekfbpghnppa [2014-02-24]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-02-24]
CHR Extension: (Google Search) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-25]
CHR Extension: (Bing Maps Instant) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dphdjbpjmmdeijbhnnkamladknglcefc [2014-02-24]
CHR Extension: (Logitech SetPoint) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-06-09]
CHR Extension: (Radioplayer) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2014-02-24]
CHR Extension: (Tesco Food) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffibhmnkceoelgabpnpaaojflglampjb [2014-02-24]
CHR Extension: (PicMonkey) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-02-24]
CHR Extension: (SiteAdvisor) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-24]
CHR Extension: (Full Screen Weather) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-02-24]
CHR Extension: (Edmodo) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpcdidgjjebefhmlhjlgnkahlimgaemc [2014-03-03]
CHR Extension: (Close Tabs) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadafnnkijfmbbmeielphlapddbmgbgo [2014-02-24]
CHR Extension: (XML Tree) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbammbheopgpmaagmckhpjbfgdfkpadb [2014-02-24]
CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2014-02-24]
CHR Extension: (AdBlock) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-24]
CHR Extension: (TiltShiftMaker) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2014-02-24]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-02-24]
CHR Extension: (Google +1 Button) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-02-24]
CHR Extension: (BBC Good Food) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja [2014-02-24]
CHR Extension: (WhiteSmoke New) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2014-02-24]
CHR Extension: (Virgin Media - TV Guide) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcibkmlmeajifpnkkagcokggjlmcone [2014-02-24]
CHR Extension: (Google Maps) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-02-24]
CHR Extension: (Google Play Books) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-02-24]
CHR Extension: (SkyDrive) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (imo free video calls and text) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2014-02-24]
CHR Extension: (Doffy) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\olemcgkilokfkkmhdamnkblnnkkedpoe [2014-02-24]
CHR Extension: (Sky+) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookngkjbobceimcicokadhjonlejhobj [2014-02-24]
CHR Extension: (Outlook.com) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-02-24]
CHR Extension: (Gmail) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-25]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Ricky\AppData\Local\funmoods.crx [2012-12-25]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Ricky\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-06-09]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Ricky\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2013-05-30]
==================== Services (Whitelisted) =================
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-29] (AVG Technologies)
S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-03-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-22 15:47 - 2014-03-22 15:50 - 00000000 ____D () C:\FRST
2014-03-22 15:39 - 2014-03-22 15:42 - 00002586 _____ () C:\Users\Ricky\Desktop\Rkill.txt
2014-03-21 13:37 - 2014-03-21 13:40 - 00000000 ____D () C:\Users\Ricky\Downloads\Adobe Photoshop CC 14.2.1 Final Multilanguage [ChingLiu]
2014-03-20 15:53 - 2014-03-20 15:53 - 00006429 _____ () C:\Users\Ricky\AppData\Local\recently-used.xbel
2014-03-20 12:31 - 2014-03-20 12:32 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder (2)
2014-03-20 12:06 - 2014-03-20 12:06 - 00096086 _____ () C:\Users\Ricky\Desktop\Extras.Txt
2014-03-20 12:03 - 2014-03-20 12:03 - 00256346 _____ () C:\Users\Ricky\Desktop\OTL.Txt
2014-03-20 10:09 - 2014-03-20 10:09 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR (1).exe
2014-03-20 10:05 - 2014-03-20 10:05 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR.exe
2014-03-20 09:49 - 2014-03-20 09:49 - 00602112 _____ (OldTimer Tools) C:\Users\Ricky\Desktop\OTL.exe
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Safer Networking
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Program Files (x86)\Safer Networking
2014-03-19 19:45 - 2014-03-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-18 10:56 - 2014-03-18 10:57 - 00858416 _____ () C:\Windows\Minidump\031814-37970-01.dmp
2014-03-17 22:45 - 2014-03-17 23:09 - 00000000 ____D () C:\Users\Ricky\Desktop\Clutha
2014-03-17 14:34 - 2014-03-17 14:34 - 00001377 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 14:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-17 14:24 - 2014-03-17 14:24 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Ricky\Downloads\Spybot_Search_Destroy_v2.2.exe
2014-03-16 21:38 - 2014-03-20 19:59 - 00000000 ____D () C:\Users\Ricky\AppData\Local\gtk-2.0
2014-03-16 21:20 - 2014-03-16 21:52 - 00000000 ____D () C:\Users\Ricky\Desktop\Lightroom
2014-03-14 13:12 - 2014-03-14 13:12 - 00000000 ____D () C:\Users\Ricky\Downloads\cycling-routes
2014-03-14 13:11 - 2014-03-14 13:11 - 00057035 _____ () C:\Users\Ricky\Downloads\cycling-routes.zip
2014-03-13 07:31 - 2014-03-01 06:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 07:31 - 2014-03-01 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 07:31 - 2014-03-01 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 07:31 - 2014-03-01 04:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 07:31 - 2014-03-01 04:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 07:31 - 2014-03-01 04:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 07:31 - 2014-03-01 04:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 07:31 - 2014-03-01 04:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 07:31 - 2014-03-01 04:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 07:31 - 2014-03-01 04:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 07:31 - 2014-03-01 04:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 07:31 - 2014-03-01 04:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 07:31 - 2014-03-01 04:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 07:31 - 2014-03-01 04:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 07:31 - 2014-03-01 04:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 07:31 - 2014-03-01 04:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 07:31 - 2014-03-01 04:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 07:31 - 2014-03-01 03:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 07:31 - 2014-03-01 03:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 07:31 - 2014-03-01 03:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 07:31 - 2014-03-01 03:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 07:31 - 2014-03-01 03:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 07:31 - 2014-03-01 03:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 07:31 - 2014-03-01 03:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 07:31 - 2014-03-01 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 07:31 - 2014-03-01 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 07:31 - 2014-03-01 03:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 07:31 - 2014-03-01 03:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 07:31 - 2014-03-01 03:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 07:31 - 2014-03-01 03:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 07:31 - 2014-03-01 03:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 07:31 - 2014-03-01 03:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 07:31 - 2014-03-01 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 07:31 - 2014-03-01 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 07:31 - 2014-03-01 02:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 07:31 - 2014-03-01 02:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 07:31 - 2014-03-01 02:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 07:31 - 2014-03-01 02:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 07:31 - 2014-03-01 02:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 07:31 - 2014-03-01 02:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 07:31 - 2014-02-07 01:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 07:31 - 2014-02-04 02:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 07:31 - 2014-02-04 02:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 07:31 - 2014-02-04 02:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 07:31 - 2014-02-04 02:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 07:31 - 2014-01-29 02:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 07:31 - 2014-01-29 02:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 07:31 - 2014-01-28 02:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 22:03 - 2014-03-12 22:08 - 00623789 ____R () C:\Users\Ricky\Downloads\Glasgow Herald [Sun, 21 Jul 2013] - calibre.epub
2014-03-11 17:05 - 2014-03-11 17:05 - 00001345 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-11 17:05 - 2014-03-11 17:05 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA Corporation
2014-03-11 17:04 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-03-11 17:04 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-03-11 17:04 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-03-11 17:04 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-03-11 17:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-03-11 17:03 - 2014-03-11 17:06 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA
2014-03-11 17:03 - 2014-02-05 09:31 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-11 17:03 - 2014-02-05 09:30 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\system32\NV
2014-03-11 17:01 - 2014-03-04 11:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-11 16:58 - 2014-03-04 14:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 00033736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-03-11 16:58 - 2013-12-27 18:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-11 16:58 - 2013-12-27 18:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-11 16:58 - 2013-12-27 18:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
aranthrue
2014-03-22, 18:13
FRST Part 2
2014-03-11 16:57 - 2014-03-04 14:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-11 16:57 - 2014-03-04 14:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00300320 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-03-11 16:55 - 2014-03-11 16:55 - 00000000 ____D () C:\NVIDIA
2014-03-11 16:52 - 2014-03-11 16:53 - 276758080 _____ (NVIDIA Corporation) C:\Users\Ricky\Downloads\335.23-notebook-win8-win7-64bit-international-whql.exe
2014-03-08 14:24 - 2014-03-17 14:28 - 00003442 _____ () C:\Windows\PFRO.log
2014-03-08 09:10 - 2014-03-08 09:10 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-07 22:21 - 2014-03-07 22:21 - 00000000 ____D () C:\Users\Ricky\Downloads\The Essential Guide to Portraits - 4th Edition
2014-03-07 17:30 - 2014-03-07 17:30 - 00000000 ____D () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32
2014-03-07 17:16 - 2014-03-07 17:19 - 208584371 _____ () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32.zip
2014-03-07 13:59 - 2014-03-07 13:59 - 00000000 ____D () C:\Users\Ricky\Documents\Selenium test cases
2014-03-07 13:49 - 2014-03-07 13:49 - 00253160 _____ () C:\Users\Ricky\Downloads\junit-4.10.jar
2014-03-07 13:36 - 2014-03-07 13:36 - 00000000 ____D () C:\Users\Ricky\Downloads\selenium-java-2.40.0
2014-03-07 13:22 - 2014-03-07 13:28 - 00000000 ____D () C:\Users\Ricky\workspace
2014-03-07 13:09 - 2014-03-07 13:08 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-07 13:09 - 2014-03-07 13:08 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-07 13:09 - 2014-03-07 13:08 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-07 13:09 - 2014-03-07 13:08 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-07 13:08 - 2014-03-07 13:08 - 00000000 ____D () C:\Program Files\Java
2014-03-07 13:07 - 2014-03-07 13:08 - 30796712 _____ (Oracle Corporation) C:\Users\Ricky\Downloads\jre-7u51-windows-x64.exe
2014-03-07 12:52 - 2014-03-07 12:52 - 24024159 _____ () C:\Users\Ricky\Downloads\selenium-java-2.40.0.zip
2014-03-07 12:51 - 2014-03-07 12:51 - 34561710 _____ () C:\Users\Ricky\Downloads\selenium-server-standalone-2.40.0.jar
2014-03-07 09:27 - 2014-03-07 09:28 - 00000000 ____D () C:\Users\Ricky\Documents\Disc Images
2014-03-07 07:44 - 2014-03-07 07:44 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Skype
2014-03-06 22:56 - 2013-09-30 16:26 - 03050808 _____ () C:\Windows\system32\pwNative.exe
2014-03-06 22:56 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
2014-03-06 22:56 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
2014-03-06 22:55 - 2014-03-06 22:55 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\Ricky\Downloads\pwhe8.exe
2014-03-06 22:55 - 2014-03-06 22:55 - 00001247 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-03-06 22:55 - 2014-03-06 22:55 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2014-03-06 07:38 - 2014-03-22 07:05 - 00003743 _____ () C:\Windows\setupact.log
2014-03-06 07:38 - 2014-03-06 07:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 20:46 - 2014-03-05 20:46 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:55 - 2014-03-06 18:51 - 00000000 ____D () C:\Users\Ricky\Downloads\Person.of.Interest.S02.Season.2.720p.BluRay.x264-DEMAND [PublicHD]
2014-03-05 11:47 - 2014-03-05 11:47 - 00001382 _____ () C:\Users\Public\Desktop\Foxit Advanced PDF Editor.lnk
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Aspell
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Aspell
2014-03-05 11:44 - 2014-03-05 11:44 - 00000000 ____D () C:\Users\Ricky\Downloads\Foxit Advanced PDF Editor v3.0.5 Incl Crack [TorDigger]
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Software
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-05 11:36 - 2014-03-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-03-05 11:14 - 2014-03-05 11:20 - 33488656 _____ (Foxit Corporation ) C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
2014-03-05 09:57 - 2014-03-05 09:57 - 00000015 _____ () C:\Users\Public\Documents\class.txt
2014-03-04 22:16 - 2014-03-04 22:16 - 01588492 _____ () C:\Users\Public\Documents\Documents1.zip
2014-03-04 22:14 - 2014-03-04 22:14 - 01588410 _____ () C:\Users\Public\Documents\Documents.zip
2014-03-04 22:08 - 2014-03-04 22:08 - 00420784 _____ (WinZip Computing) C:\Users\Ryan\Downloads\WinZip180.exe
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Users\Ryan\Desktop\Transcript_p1 (2)
2014-03-04 21:54 - 2014-03-04 21:54 - 02654628 _____ () C:\Users\Ryan\Desktop\Transcript_p1 (2).zip
2014-03-04 21:42 - 2014-03-04 21:42 - 00000000 ____D () C:\Users\Public\Documents\Degree_Transcript
2014-03-04 21:39 - 2014-03-04 21:10 - 01550452 _____ () C:\Users\Public\Documents\Degree_Transcript.zip
2014-03-04 21:32 - 2014-03-04 21:25 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1 - Copy.zip
2014-03-04 21:25 - 2014-03-04 21:25 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1.rar
2014-03-04 21:25 - 2014-03-04 21:25 - 00556900 _____ () C:\Users\Ryan\Desktop\Transcript.part2.rar
2014-03-04 20:59 - 2014-03-05 21:54 - 00000000 ____D () C:\Users\Ryan\Documents\Application
2014-03-04 18:49 - 2014-03-04 18:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Creative
2014-03-04 17:32 - 2014-03-04 17:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\tmp
2014-03-04 15:33 - 2010-06-07 16:45 - 00174848 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtClsFlt.sys
2014-03-04 15:33 - 2009-05-28 10:49 - 00224768 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtAudDrv.sys
2014-03-04 15:17 - 2014-03-04 15:19 - 00000000 ____D () C:\Users\Ricky\Documents\Dell WebCam Central
2014-03-04 15:04 - 2014-03-04 15:04 - 155377792 _____ () C:\Users\Ricky\Downloads\Dell_SX2210-Monitor_Webcam SW RC1.1_ R230103 (1).exe
2014-03-04 14:23 - 2014-03-04 14:23 - 00000000 ____D () C:\Users\Ricky\Documents\Dell Webcam Center
2014-03-04 14:06 - 2014-03-04 14:12 - 147278480 _____ () C:\Users\Ricky\Downloads\R168730.EXE
2014-03-04 13:30 - 2014-03-04 13:30 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager (1).application
2014-03-04 13:28 - 2014-03-04 13:28 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager.application
2014-03-04 12:45 - 2014-03-04 12:45 - 02087752 _____ (Dell Inc) C:\Users\Ricky\Downloads\aulauncher.exe
2014-03-04 12:27 - 2014-03-04 12:27 - 10104832 _____ ((c) Phoenix Technologies Ltd. ) C:\Users\Ricky\Downloads\L702X_A19.exe
2014-03-04 11:42 - 2014-03-04 11:42 - 00010350 _____ () C:\Users\Public\Documents\SmartSource.MediaManager.application
2014-03-03 23:46 - 2014-03-08 14:22 - 00000000 ____D () C:\Users\Ricky\Desktop\mbar
2014-03-03 23:46 - 2014-03-08 09:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-03 23:45 - 2014-03-03 23:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ricky\Downloads\mbar-1.07.0.1009.exe
2014-03-03 23:44 - 2014-03-03 23:44 - 00003288 _____ () C:\Windows\System32\Tasks\{6E0B85B0-D2FC-409A-A0BE-8AB9FEC899DE}
2014-02-28 22:20 - 2014-02-28 22:20 - 00001887 _____ () C:\Users\Public\Desktop\Perfect Effects 8.lnk
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\ProgramData\Nalpeiron
2014-02-28 22:19 - 2014-02-28 22:19 - 00000000 ____D () C:\Program Files\onOne Software
2014-02-28 22:18 - 2014-02-28 22:19 - 00000000 ____D () C:\ProgramData\onOne Software
2014-02-28 22:18 - 2014-02-28 22:18 - 00000000 ____D () C:\Program Files (x86)\onOne Software
2014-02-28 22:18 - 2014-01-23 13:53 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
2014-02-28 22:18 - 2014-01-23 13:53 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\system32\nlssrv32.exe
2014-02-28 20:33 - 2014-02-28 20:36 - 276555368 _____ (onOne Software) C:\Users\Public\Documents\Perfect_Effects_8.1.0_PE.exe
2014-02-27 22:12 - 2014-02-27 22:17 - 239047446 ____R () C:\Users\Ricky\Downloads\NCIS.S11E10.HDTV.x264-LOL.mp4
2014-02-26 14:24 - 2014-02-26 14:24 - 00000811 _____ () C:\Users\Public\Desktop\TPE.lnk
2014-02-26 14:24 - 2014-02-26 14:24 - 00000000 ____D () C:\Program Files (x86)\TPE
2014-02-26 14:23 - 2014-02-26 14:23 - 02510340 _____ () C:\Users\Ricky\Downloads\tpe_1_1_1 (1).air
2014-02-26 13:51 - 2014-03-05 11:33 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian
2014-02-26 13:50 - 2014-02-26 13:50 - 00003248 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-02-26 13:38 - 2014-02-26 13:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\iPadian
2014-02-26 12:59 - 2014-02-26 12:59 - 00000650 _____ () C:\Users\Ricky\TPE Locations.kml
2014-02-25 22:53 - 2014-02-25 22:53 - 00026408 _____ () C:\Users\Ricky\Downloads\seats194.xlsx
2014-02-25 14:18 - 2014-02-25 14:18 - 00000000 ____D () C:\Users\Ricky\.thumbnails
2014-02-24 22:17 - 2014-03-15 13:01 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 22:17 - 2014-02-24 22:17 - 00002297 _____ () C:\Users\Ricky\Desktop\Chrome App Launcher.lnk
2014-02-24 22:17 - 2014-02-24 22:17 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-24 20:31 - 2014-02-24 20:32 - 00000000 ____D () C:\Users\Ricky\Documents\CannonFodder3
2014-02-24 20:20 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-24 20:17 - 2014-02-24 21:49 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-02-24 20:13 - 2014-02-24 20:13 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-24 20:12 - 2014-02-24 20:30 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\WildTangent
2014-02-24 20:12 - 2014-02-24 20:30 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-24 20:12 - 2014-02-24 20:30 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-02-24 12:57 - 2014-02-24 13:02 - 00004769 _____ () C:\WirelessDiagLog.csv
2014-02-23 18:40 - 2014-02-23 18:40 - 00034015 _____ () C:\Users\Ricky\Downloads\ben-more.gpx
2014-02-21 16:00 - 2014-02-21 16:00 - 00000011 _____ () C:\Users\Public\Documents\RBS weird phone number.txt
2014-02-21 12:16 - 2014-02-21 12:16 - 00027087 _____ () C:\Users\Ricky\Downloads\soapui.nzb
2014-02-20 12:44 - 2014-02-20 14:34 - 00000000 ____D () C:\Users\Ricky\Downloads\Iron.Man.2008.720p.BRRip.XviD.AC3-RARBG
==================== One Month Modified Files and Folders =======
2014-03-22 15:51 - 2012-05-05 03:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 15:50 - 2014-03-22 15:47 - 00000000 ____D () C:\FRST
2014-03-22 15:50 - 2013-12-21 12:21 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder
2014-03-22 15:48 - 2013-04-14 18:08 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D20EA9F3-DC89-458E-BA34-98ED90FC408A}
2014-03-22 15:45 - 2012-05-22 18:54 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Nero
2014-03-22 15:42 - 2014-03-22 15:39 - 00002586 _____ () C:\Users\Ricky\Desktop\Rkill.txt
2014-03-22 15:33 - 2012-05-13 21:04 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 15:33 - 2012-05-10 05:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752273353-578144960-589867486-1001UA.job
2014-03-22 15:33 - 2012-05-05 05:05 - 01715873 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 11:11 - 2012-05-13 21:04 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 07:13 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 07:13 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 07:08 - 2012-05-05 04:31 - 00000000 ____D () C:\ProgramData\Sonic
2014-03-22 07:07 - 2012-05-05 03:51 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-22 07:06 - 2013-11-19 21:01 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-03-22 07:06 - 2012-05-05 03:56 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-22 07:06 - 2012-05-05 03:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-22 07:05 - 2014-03-06 07:38 - 00003743 _____ () C:\Windows\setupact.log
2014-03-22 07:05 - 2013-08-12 15:52 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-22 07:05 - 2012-05-05 05:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-22 07:05 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 07:05 - 2009-07-14 04:45 - 05219648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-21 22:31 - 2012-05-09 21:01 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Windows Live
2014-03-21 22:19 - 2012-12-30 08:42 - 01037824 ___SH () C:\Users\Ricky\Downloads\Thumbs.db
2014-03-21 18:39 - 2013-05-22 20:28 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-21 18:39 - 2012-05-12 13:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-03-21 16:29 - 2012-05-09 20:22 - 00141360 _____ () C:\Users\Ricky\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-21 16:26 - 2012-05-23 07:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-21 16:26 - 2012-05-05 03:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-21 16:25 - 2012-05-23 07:05 - 00000000 ____D () C:\Program Files\Adobe
2014-03-21 14:08 - 2012-05-12 08:16 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\uTorrent
2014-03-21 14:01 - 2012-05-09 20:42 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Adobe
2014-03-21 13:40 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\Ricky\Downloads\Adobe Photoshop CC 14.2.1 Final Multilanguage [ChingLiu]
2014-03-21 13:27 - 2014-02-09 10:16 - 00000000 ____D () C:\Users\Ricky\Downloads\Adobe Bridge CC X64 LS20
2014-03-21 07:41 - 2013-01-09 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 23:15 - 2014-02-11 20:30 - 00000000 ____D () C:\Users\Ricky\.gimp-2.8
2014-03-20 20:42 - 2013-08-15 11:39 - 00000000 ____D () C:\Users\Ricky\Documents\Outlook Files
2014-03-20 19:59 - 2014-03-16 21:38 - 00000000 ____D () C:\Users\Ricky\AppData\Local\gtk-2.0
2014-03-20 19:23 - 2013-12-22 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 15:53 - 2014-03-20 15:53 - 00006429 _____ () C:\Users\Ricky\AppData\Local\recently-used.xbel
2014-03-20 13:33 - 2013-04-07 12:30 - 00000000 ____D () C:\Users\Ricky\Desktop\For the web
2014-03-20 12:46 - 2014-02-08 18:21 - 00000000 ____D () C:\Users\Ricky\Desktop\Untitled Export
2014-03-20 12:32 - 2014-03-20 12:31 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder (2)
2014-03-20 12:30 - 2013-11-04 21:05 - 01522176 ___SH () C:\Users\Ricky\Desktop\Thumbs.db
2014-03-20 12:06 - 2014-03-20 12:06 - 00096086 _____ () C:\Users\Ricky\Desktop\Extras.Txt
2014-03-20 12:03 - 2014-03-20 12:03 - 00256346 _____ () C:\Users\Ricky\Desktop\OTL.Txt
2014-03-20 10:09 - 2014-03-20 10:09 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR (1).exe
2014-03-20 10:05 - 2014-03-20 10:05 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR.exe
2014-03-20 09:50 - 2014-02-19 18:15 - 00000000 ____D () C:\Users\Ricky\Downloads\Google Nik Collection 1.1.1.0 (2014) (patch VVK) [ChingLiu]
2014-03-20 09:49 - 2014-03-20 09:49 - 00602112 _____ (OldTimer Tools) C:\Users\Ricky\Desktop\OTL.exe
2014-03-20 00:00 - 2013-08-01 15:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 23:58 - 2012-05-13 21:09 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Safer Networking
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Program Files (x86)\Safer Networking
2014-03-19 23:27 - 2012-05-10 05:06 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752273353-578144960-589867486-1001Core.job
2014-03-19 20:28 - 2012-09-16 11:45 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Mozilla
2014-03-19 20:23 - 2013-07-26 05:50 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\GlarySoft
2014-03-19 20:17 - 2013-12-15 20:19 - 00000000 ____D () C:\Users\Ryan
2014-03-19 20:17 - 2012-08-11 20:15 - 00000000 ____D () C:\Users\Guest
2014-03-19 20:17 - 2012-05-09 20:21 - 00000000 ____D () C:\Users\Ricky
2014-03-19 20:17 - 2012-05-05 05:06 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-03-19 20:17 - 2012-05-05 05:05 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-19 20:16 - 2013-08-06 07:18 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-19 20:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\security
2014-03-19 20:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-03-19 20:13 - 2012-05-12 08:55 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Skype
2014-03-19 20:12 - 2012-05-10 05:06 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Google
2014-03-19 19:45 - 2014-03-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-19 18:16 - 2012-05-10 05:05 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Deployment
2014-03-19 13:57 - 2013-07-26 06:16 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-03-18 16:01 - 2012-06-17 20:42 - 00143360 ___SH () C:\Users\Ricky\Documents\Thumbs.db
2014-03-18 13:43 - 2012-05-19 17:59 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Spotify
2014-03-18 12:38 - 2012-05-19 18:01 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Spotify
2014-03-18 10:57 - 2014-03-18 10:56 - 00858416 _____ () C:\Windows\Minidump\031814-37970-01.dmp
2014-03-18 10:56 - 2014-01-04 16:50 - 877600200 _____ () C:\Windows\MEMORY.DMP
2014-03-18 10:56 - 2012-07-14 09:32 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 23:09 - 2014-03-17 22:45 - 00000000 ____D () C:\Users\Ricky\Desktop\Clutha
2014-03-17 22:02 - 2012-06-10 07:33 - 00002767 _____ () C:\Users\Public\Desktop\SyncUP.lnk
2014-03-17 22:00 - 2012-05-05 04:41 - 00000000 ____D () C:\ProgramData\Nero
2014-03-17 14:34 - 2014-03-17 14:34 - 00001377 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 14:34 - 2013-06-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-17 14:34 - 2012-08-20 20:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-17 14:28 - 2014-03-08 14:24 - 00003442 _____ () C:\Windows\PFRO.log
2014-03-17 14:27 - 2013-06-22 06:58 - 00000818 _____ () C:\Windows\wininit.ini
2014-03-17 14:24 - 2014-03-17 14:24 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Ricky\Downloads\Spybot_Search_Destroy_v2.2.exe
2014-03-16 21:52 - 2014-03-16 21:20 - 00000000 ____D () C:\Users\Ricky\Desktop\Lightroom
2014-03-15 13:01 - 2014-02-24 22:17 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 13:12 - 2014-03-14 13:12 - 00000000 ____D () C:\Users\Ricky\Downloads\cycling-routes
2014-03-14 13:11 - 2014-03-14 13:11 - 00057035 _____ () C:\Users\Ricky\Downloads\cycling-routes.zip
2014-03-13 21:32 - 2012-05-17 07:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 21:32 - 2012-05-05 04:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 20:42 - 2013-02-09 16:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 22:08 - 2014-03-12 22:03 - 00623789 ____R () C:\Users\Ricky\Downloads\Glasgow Herald [Sun, 21 Jul 2013] - calibre.epub
2014-03-12 15:52 - 2012-05-05 03:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:52 - 2012-05-05 03:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 15:52 - 2012-05-05 03:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 14:22 - 2014-02-10 20:08 - 00001456 _____ () C:\Users\Ricky\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-11 21:31 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-11 17:06 - 2014-03-11 17:03 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA
2014-03-11 17:05 - 2014-03-11 17:05 - 00001345 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-11 17:05 - 2014-03-11 17:05 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA Corporation
2014-03-11 17:05 - 2012-05-05 05:04 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-11 17:03 - 2012-05-05 05:04 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-11 17:03 - 2012-05-05 05:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\system32\NV
2014-03-11 16:55 - 2014-03-11 16:55 - 00000000 ____D () C:\NVIDIA
2014-03-11 16:53 - 2014-03-11 16:52 - 276758080 _____ (NVIDIA Corporation) C:\Users\Ricky\Downloads\335.23-notebook-win8-win7-64bit-international-whql.exe
2014-03-08 14:32 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-08 14:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Cursors
2014-03-08 14:22 - 2014-03-03 23:46 - 00000000 ____D () C:\Users\Ricky\Desktop\mbar
2014-03-08 09:10 - 2014-03-08 09:10 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-08 09:09 - 2014-03-03 23:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-07 22:21 - 2014-03-07 22:21 - 00000000 ____D () C:\Users\Ricky\Downloads\The Essential Guide to Portraits - 4th Edition
2014-03-07 17:30 - 2014-03-07 17:30 - 00000000 ____D () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32
2014-03-07 17:19 - 2014-03-07 17:16 - 208584371 _____ () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32.zip
2014-03-07 13:59 - 2014-03-07 13:59 - 00000000 ____D () C:\Users\Ricky\Documents\Selenium test cases
2014-03-07 13:49 - 2014-03-07 13:49 - 00253160 _____ () C:\Users\Ricky\Downloads\junit-4.10.jar
2014-03-07 13:36 - 2014-03-07 13:36 - 00000000 ____D () C:\Users\Ricky\Downloads\selenium-java-2.40.0
2014-03-07 13:28 - 2014-03-07 13:22 - 00000000 ____D () C:\Users\Ricky\workspace
2014-03-07 13:08 - 2014-03-07 13:09 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-07 13:08 - 2014-03-07 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-07 13:08 - 2014-03-07 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-07 13:08 - 2014-03-07 13:09 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-07 13:08 - 2014-03-07 13:08 - 00000000 ____D () C:\Program Files\Java
2014-03-07 13:08 - 2014-03-07 13:07 - 30796712 _____ (Oracle Corporation) C:\Users\Ricky\Downloads\jre-7u51-windows-x64.exe
2014-03-07 12:52 - 2014-03-07 12:52 - 24024159 _____ () C:\Users\Ricky\Downloads\selenium-java-2.40.0.zip
2014-03-07 12:51 - 2014-03-07 12:51 - 34561710 _____ () C:\Users\Ricky\Downloads\selenium-server-standalone-2.40.0.jar
2014-03-07 09:47 - 2013-08-31 12:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\vlc
2014-03-07 09:46 - 2012-06-16 19:53 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\dvdcss
2014-03-07 09:28 - 2014-03-07 09:27 - 00000000 ____D () C:\Users\Ricky\Documents\Disc Images
2014-03-07 07:44 - 2014-03-07 07:44 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Skype
2014-03-07 07:44 - 2013-09-20 20:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 07:44 - 2012-05-05 03:54 - 00000000 ____D () C:\ProgramData\Skype
2014-03-06 22:55 - 2014-03-06 22:55 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\Ricky\Downloads\pwhe8.exe
2014-03-06 22:55 - 2014-03-06 22:55 - 00001247 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-03-06 22:55 - 2014-03-06 22:55 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2014-03-06 18:51 - 2014-03-05 11:55 - 00000000 ____D () C:\Users\Ricky\Downloads\Person.of.Interest.S02.Season.2.720p.BluRay.x264-DEMAND [PublicHD]
2014-03-06 18:42 - 2012-08-04 07:55 - 00008704 _____ () C:\Users\Ricky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-06 18:40 - 2013-10-14 18:59 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\DivX
2014-03-06 07:38 - 2014-03-06 07:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 21:54 - 2014-03-04 20:59 - 00000000 ____D () C:\Users\Ryan\Documents\Application
2014-03-05 21:07 - 2013-12-20 12:45 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Nero
2014-03-05 20:54 - 2014-01-28 17:24 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\NVIDIA
2014-03-05 20:46 - 2014-03-05 20:46 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00001382 _____ () C:\Users\Public\Desktop\Foxit Advanced PDF Editor.lnk
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Aspell
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Aspell
2014-03-05 11:47 - 2014-03-05 11:36 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-03-05 11:44 - 2014-03-05 11:44 - 00000000 ____D () C:\Users\Ricky\Downloads\Foxit Advanced PDF Editor v3.0.5 Incl Crack [TorDigger]
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Software
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-05 11:33 - 2014-02-26 13:51 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian
2014-03-05 11:20 - 2014-03-05 11:14 - 33488656 _____ (Foxit Corporation ) C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
2014-03-05 09:57 - 2014-03-05 09:57 - 00000015 _____ () C:\Users\Public\Documents\class.txt
2014-03-04 22:16 - 2014-03-04 22:16 - 01588492 _____ () C:\Users\Public\Documents\Documents1.zip
2014-03-04 22:14 - 2014-03-04 22:14 - 01588410 _____ () C:\Users\Public\Documents\Documents.zip
2014-03-04 22:08 - 2014-03-04 22:08 - 00420784 _____ (WinZip Computing) C:\Users\Ryan\Downloads\WinZip180.exe
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Users\Ryan\Desktop\Transcript_p1 (2)
2014-03-04 21:54 - 2014-03-04 21:54 - 02654628 _____ () C:\Users\Ryan\Desktop\Transcript_p1 (2).zip
2014-03-04 21:42 - 2014-03-04 21:42 - 00000000 ____D () C:\Users\Public\Documents\Degree_Transcript
2014-03-04 21:25 - 2014-03-04 21:32 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1 - Copy.zip
2014-03-04 21:25 - 2014-03-04 21:25 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1.rar
2014-03-04 21:25 - 2014-03-04 21:25 - 00556900 _____ () C:\Users\Ryan\Desktop\Transcript.part2.rar
2014-03-04 21:10 - 2014-03-04 21:39 - 01550452 _____ () C:\Users\Public\Documents\Degree_Transcript.zip
2014-03-04 18:49 - 2014-03-04 18:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Creative
2014-03-04 17:39 - 2012-05-05 04:19 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-04 17:39 - 2012-05-05 03:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 17:32 - 2014-03-04 17:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\tmp
2014-03-04 15:43 - 2012-05-09 20:25 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Adobe
2014-03-04 15:42 - 2012-05-09 20:25 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Creative
2014-03-04 15:19 - 2014-03-04 15:17 - 00000000 ____D () C:\Users\Ricky\Documents\Dell WebCam Central
2014-03-04 15:04 - 2014-03-04 15:04 - 155377792 _____ () C:\Users\Ricky\Downloads\Dell_SX2210-Monitor_Webcam SW RC1.1_ R230103 (1).exe
2014-03-04 14:44 - 2012-05-05 04:13 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-03-04 14:35 - 2014-03-11 16:58 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 00033736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-03-04 14:35 - 2014-03-11 16:57 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-04 14:35 - 2014-03-11 16:57 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00300320 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-03-04 14:35 - 2012-10-08 11:42 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-04 14:35 - 2012-05-05 04:26 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-04 14:23 - 2014-03-04 14:23 - 00000000 ____D () C:\Users\Ricky\Documents\Dell Webcam Center
2014-03-04 14:12 - 2014-03-04 14:06 - 147278480 _____ () C:\Users\Ricky\Downloads\R168730.EXE
2014-03-04 13:30 - 2014-03-04 13:30 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager (1).application
2014-03-04 13:28 - 2014-03-04 13:28 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager.application
2014-03-04 13:06 - 2012-05-05 05:05 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-04 13:06 - 2012-05-05 05:05 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-04 13:05 - 2012-05-05 05:05 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 01075032 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-04 13:05 - 2012-05-05 05:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-04 12:45 - 2014-03-04 12:45 - 02087752 _____ (Dell Inc) C:\Users\Ricky\Downloads\aulauncher.exe
2014-03-04 12:27 - 2014-03-04 12:27 - 10104832 _____ ((c) Phoenix Technologies Ltd. ) C:\Users\Ricky\Downloads\L702X_A19.exe
2014-03-04 11:42 - 2014-03-04 11:42 - 00010350 _____ () C:\Users\Public\Documents\SmartSource.MediaManager.application
2014-03-04 11:32 - 2014-03-11 17:01 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-04 07:05 - 2012-05-09 20:49 - 00000000 ____D () C:\ProgramData\Creative
2014-03-03 23:45 - 2014-03-03 23:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ricky\Downloads\mbar-1.07.0.1009.exe
2014-03-03 23:44 - 2014-03-03 23:44 - 00003288 _____ () C:\Windows\System32\Tasks\{6E0B85B0-D2FC-409A-A0BE-8AB9FEC899DE}
2014-03-03 16:12 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-03-02 20:39 - 2012-06-04 12:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\NVIDIA
2014-03-01 06:05 - 2014-03-13 07:31 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:17 - 2014-03-13 07:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:16 - 2014-03-13 07:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 - 2014-03-13 07:31 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:52 - 2014-03-13 07:31 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-13 07:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:42 - 2014-03-13 07:31 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:40 - 2014-03-13 07:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:37 - 2014-03-13 07:31 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:33 - 2014-03-13 07:31 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:33 - 2014-03-13 07:31 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:32 - 2014-03-13 07:31 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:30 - 2014-03-13 07:31 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 04:23 - 2014-03-13 07:31 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 - 2014-03-13 07:31 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:11 - 2014-03-13 07:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 04:02 - 2014-03-13 07:31 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 03:54 - 2014-03-13 07:31 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 03:52 - 2014-03-13 07:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 03:51 - 2014-03-13 07:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 03:47 - 2014-03-13 07:31 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 03:43 - 2014-03-13 07:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 03:43 - 2014-03-13 07:31 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 03:42 - 2014-03-13 07:31 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 03:40 - 2014-03-13 07:31 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 03:38 - 2014-03-13 07:31 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 03:37 - 2014-03-13 07:31 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 03:35 - 2014-03-13 07:31 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:18 - 2014-03-13 07:31 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:16 - 2014-03-13 07:31 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 03:14 - 2014-03-13 07:31 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 03:10 - 2014-03-13 07:31 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:03 - 2014-03-13 07:31 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 03:00 - 2014-03-13 07:31 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 02:57 - 2014-03-13 07:31 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 02:38 - 2014-03-13 07:31 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 02:32 - 2014-03-13 07:31 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 02:27 - 2014-03-13 07:31 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 02:25 - 2014-03-13 07:31 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 02:25 - 2014-03-13 07:31 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 22:20 - 2014-02-28 22:20 - 00001887 _____ () C:\Users\Public\Desktop\Perfect Effects 8.lnk
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\ProgramData\Nalpeiron
2014-02-28 22:19 - 2014-02-28 22:19 - 00000000 ____D () C:\Program Files\onOne Software
2014-02-28 22:19 - 2014-02-28 22:18 - 00000000 ____D () C:\ProgramData\onOne Software
2014-02-28 22:19 - 2013-12-15 20:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Adobe
2014-02-28 22:19 - 2012-08-11 20:15 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-02-28 22:18 - 2014-02-28 22:18 - 00000000 ____D () C:\Program Files (x86)\onOne Software
2014-02-28 20:36 - 2014-02-28 20:33 - 276555368 _____ (onOne Software) C:\Users\Public\Documents\Perfect_Effects_8.1.0_PE.exe
2014-02-27 22:17 - 2014-02-27 22:12 - 239047446 ____R () C:\Users\Ricky\Downloads\NCIS.S11E10.HDTV.x264-LOL.mp4
2014-02-26 22:38 - 2012-11-21 21:35 - 00000000 ___SD () C:\Users\Ricky\Google Drive
2014-02-26 14:24 - 2014-02-26 14:24 - 00000811 _____ () C:\Users\Public\Desktop\TPE.lnk
2014-02-26 14:24 - 2014-02-26 14:24 - 00000000 ____D () C:\Program Files (x86)\TPE
2014-02-26 14:23 - 2014-02-26 14:23 - 02510340 _____ () C:\Users\Ricky\Downloads\tpe_1_1_1 (1).air
2014-02-26 13:50 - 2014-02-26 13:50 - 00003248 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-02-26 13:38 - 2014-02-26 13:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\iPadian
2014-02-26 12:59 - 2014-02-26 12:59 - 00000650 _____ () C:\Users\Ricky\TPE Locations.kml
2014-02-26 12:20 - 2013-05-22 20:27 - 00000000 ____D () C:\Program Files\My Dell
2014-02-25 22:53 - 2014-02-25 22:53 - 00026408 _____ () C:\Users\Ricky\Downloads\seats194.xlsx
2014-02-25 21:38 - 2011-02-10 14:54 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 14:18 - 2014-02-25 14:18 - 00000000 ____D () C:\Users\Ricky\.thumbnails
2014-02-24 22:17 - 2014-02-24 22:17 - 00002297 _____ () C:\Users\Ricky\Desktop\Chrome App Launcher.lnk
2014-02-24 22:17 - 2014-02-24 22:17 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-24 21:49 - 2014-02-24 20:17 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-02-24 21:49 - 2013-09-08 20:27 - 00000000 ____D () C:\Users\Ricky\Downloads\NCIS.S10E02.HDTV.XviD-AFG
2014-02-24 21:49 - 2013-09-01 20:53 - 00000000 ____D () C:\Users\Ricky\Downloads\Star Wars Episode III Revenge of the Sith (2005) [1080p]
2014-02-24 21:49 - 2013-09-01 11:22 - 00000000 ____D () C:\Users\Ricky\Downloads\Despicable Me 2 2013 720p TS XviD MP3 MiLLENiUM
2014-02-24 21:49 - 2013-09-01 10:57 - 00000000 ____D () C:\Users\Ricky\Downloads\The Reluctant Fundamentalist[2012]BRRip XviD-ETRG
2014-02-24 21:49 - 2013-08-31 12:46 - 00000000 ____D () C:\Users\Ricky\Downloads\vlc-2.1.0-pre2-win32
2014-02-24 21:49 - 2013-08-22 21:18 - 00000000 ____D () C:\Users\Ricky\Downloads\Monty Python's Life of Brian (1979).DVDRip.XviD.Ekolb
2014-02-24 21:49 - 2013-08-20 07:00 - 00000000 ____D () C:\Users\Ricky\Downloads\Oblivion (2013) [1080p]
2014-02-24 21:49 - 2013-08-11 17:11 - 00000000 ____D () C:\Users\Ricky\Downloads\Microsoft Office 2010 Proffesional
2014-02-24 21:49 - 2013-07-22 14:43 - 00000000 ____D () C:\Users\Ricky\Downloads\RealTemp_370
2014-02-24 21:49 - 2013-01-28 05:05 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-02-24 21:49 - 2012-05-19 17:37 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Dell Edoc Viewer
2014-02-24 21:49 - 2012-05-05 03:17 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-24 21:49 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-24 20:32 - 2014-02-24 20:31 - 00000000 ____D () C:\Users\Ricky\Documents\CannonFodder3
2014-02-24 20:30 - 2014-02-24 20:12 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\WildTangent
2014-02-24 20:30 - 2014-02-24 20:12 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-24 20:30 - 2014-02-24 20:12 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-02-24 20:13 - 2014-02-24 20:13 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-24 13:02 - 2014-02-24 12:57 - 00004769 _____ () C:\WirelessDiagLog.csv
2014-02-23 18:40 - 2014-02-23 18:40 - 00034015 _____ () C:\Users\Ricky\Downloads\ben-more.gpx
2014-02-22 17:02 - 2013-07-27 08:15 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\DiskDefrag
2014-02-21 16:00 - 2014-02-21 16:00 - 00000011 _____ () C:\Users\Public\Documents\RBS weird phone number.txt
2014-02-21 12:27 - 2012-05-18 19:31 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Newsbin
2014-02-21 12:16 - 2014-02-21 12:16 - 00027087 _____ () C:\Users\Ricky\Downloads\soapui.nzb
2014-02-20 14:34 - 2014-02-20 12:44 - 00000000 ____D () C:\Users\Ricky\Downloads\Iron.Man.2008.720p.BRRip.XviD.AC3-RARBG
Files to move or delete:
====================
C:\ProgramData\PKP_DLdy.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\guitarpro.exe
C:\Users\Ricky\AppData\Local\Temp\Windows-Auth-Host-Service.exe
C:\Users\Ryan\AppData\Local\Temp\Windows-Auth-Host-Service.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-03 16:05
==================== End Of Log ============================
aranthrue
2014-03-22, 18:15
Additions.txt
================
2014-03-11 16:57 - 2014-03-04 14:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-11 16:57 - 2014-03-04 14:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00300320 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-03-11 16:55 - 2014-03-11 16:55 - 00000000 ____D () C:\NVIDIA
2014-03-11 16:52 - 2014-03-11 16:53 - 276758080 _____ (NVIDIA Corporation) C:\Users\Ricky\Downloads\335.23-notebook-win8-win7-64bit-international-whql.exe
2014-03-08 14:24 - 2014-03-17 14:28 - 00003442 _____ () C:\Windows\PFRO.log
2014-03-08 09:10 - 2014-03-08 09:10 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-07 22:21 - 2014-03-07 22:21 - 00000000 ____D () C:\Users\Ricky\Downloads\The Essential Guide to Portraits - 4th Edition
2014-03-07 17:30 - 2014-03-07 17:30 - 00000000 ____D () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32
2014-03-07 17:16 - 2014-03-07 17:19 - 208584371 _____ () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32.zip
2014-03-07 13:59 - 2014-03-07 13:59 - 00000000 ____D () C:\Users\Ricky\Documents\Selenium test cases
2014-03-07 13:49 - 2014-03-07 13:49 - 00253160 _____ () C:\Users\Ricky\Downloads\junit-4.10.jar
2014-03-07 13:36 - 2014-03-07 13:36 - 00000000 ____D () C:\Users\Ricky\Downloads\selenium-java-2.40.0
2014-03-07 13:22 - 2014-03-07 13:28 - 00000000 ____D () C:\Users\Ricky\workspace
2014-03-07 13:09 - 2014-03-07 13:08 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-07 13:09 - 2014-03-07 13:08 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-07 13:09 - 2014-03-07 13:08 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-07 13:09 - 2014-03-07 13:08 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-07 13:08 - 2014-03-07 13:08 - 00000000 ____D () C:\Program Files\Java
2014-03-07 13:07 - 2014-03-07 13:08 - 30796712 _____ (Oracle Corporation) C:\Users\Ricky\Downloads\jre-7u51-windows-x64.exe
2014-03-07 12:52 - 2014-03-07 12:52 - 24024159 _____ () C:\Users\Ricky\Downloads\selenium-java-2.40.0.zip
2014-03-07 12:51 - 2014-03-07 12:51 - 34561710 _____ () C:\Users\Ricky\Downloads\selenium-server-standalone-2.40.0.jar
2014-03-07 09:27 - 2014-03-07 09:28 - 00000000 ____D () C:\Users\Ricky\Documents\Disc Images
2014-03-07 07:44 - 2014-03-07 07:44 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Skype
2014-03-06 22:56 - 2013-09-30 16:26 - 03050808 _____ () C:\Windows\system32\pwNative.exe
2014-03-06 22:56 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
2014-03-06 22:56 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
2014-03-06 22:55 - 2014-03-06 22:55 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\Ricky\Downloads\pwhe8.exe
2014-03-06 22:55 - 2014-03-06 22:55 - 00001247 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-03-06 22:55 - 2014-03-06 22:55 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2014-03-06 07:38 - 2014-03-22 07:05 - 00003743 _____ () C:\Windows\setupact.log
2014-03-06 07:38 - 2014-03-06 07:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 20:46 - 2014-03-05 20:46 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:55 - 2014-03-06 18:51 - 00000000 ____D () C:\Users\Ricky\Downloads\Person.of.Interest.S02.Season.2.720p.BluRay.x264-DEMAND [PublicHD]
2014-03-05 11:47 - 2014-03-05 11:47 - 00001382 _____ () C:\Users\Public\Desktop\Foxit Advanced PDF Editor.lnk
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Aspell
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Aspell
2014-03-05 11:44 - 2014-03-05 11:44 - 00000000 ____D () C:\Users\Ricky\Downloads\Foxit Advanced PDF Editor v3.0.5 Incl Crack [TorDigger]
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Software
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-05 11:36 - 2014-03-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-03-05 11:14 - 2014-03-05 11:20 - 33488656 _____ (Foxit Corporation ) C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
2014-03-05 09:57 - 2014-03-05 09:57 - 00000015 _____ () C:\Users\Public\Documents\class.txt
2014-03-04 22:16 - 2014-03-04 22:16 - 01588492 _____ () C:\Users\Public\Documents\Documents1.zip
2014-03-04 22:14 - 2014-03-04 22:14 - 01588410 _____ () C:\Users\Public\Documents\Documents.zip
2014-03-04 22:08 - 2014-03-04 22:08 - 00420784 _____ (WinZip Computing) C:\Users\Ryan\Downloads\WinZip180.exe
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Users\Ryan\Desktop\Transcript_p1 (2)
2014-03-04 21:54 - 2014-03-04 21:54 - 02654628 _____ () C:\Users\Ryan\Desktop\Transcript_p1 (2).zip
2014-03-04 21:42 - 2014-03-04 21:42 - 00000000 ____D () C:\Users\Public\Documents\Degree_Transcript
2014-03-04 21:39 - 2014-03-04 21:10 - 01550452 _____ () C:\Users\Public\Documents\Degree_Transcript.zip
2014-03-04 21:32 - 2014-03-04 21:25 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1 - Copy.zip
2014-03-04 21:25 - 2014-03-04 21:25 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1.rar
2014-03-04 21:25 - 2014-03-04 21:25 - 00556900 _____ () C:\Users\Ryan\Desktop\Transcript.part2.rar
2014-03-04 20:59 - 2014-03-05 21:54 - 00000000 ____D () C:\Users\Ryan\Documents\Application
2014-03-04 18:49 - 2014-03-04 18:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Creative
2014-03-04 17:32 - 2014-03-04 17:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\tmp
2014-03-04 15:33 - 2010-06-07 16:45 - 00174848 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtClsFlt.sys
2014-03-04 15:33 - 2009-05-28 10:49 - 00224768 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtAudDrv.sys
2014-03-04 15:17 - 2014-03-04 15:19 - 00000000 ____D () C:\Users\Ricky\Documents\Dell WebCam Central
2014-03-04 15:04 - 2014-03-04 15:04 - 155377792 _____ () C:\Users\Ricky\Downloads\Dell_SX2210-Monitor_Webcam SW RC1.1_ R230103 (1).exe
2014-03-04 14:23 - 2014-03-04 14:23 - 00000000 ____D () C:\Users\Ricky\Documents\Dell Webcam Center
2014-03-04 14:06 - 2014-03-04 14:12 - 147278480 _____ () C:\Users\Ricky\Downloads\R168730.EXE
2014-03-04 13:30 - 2014-03-04 13:30 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager (1).application
2014-03-04 13:28 - 2014-03-04 13:28 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager.application
2014-03-04 12:45 - 2014-03-04 12:45 - 02087752 _____ (Dell Inc) C:\Users\Ricky\Downloads\aulauncher.exe
2014-03-04 12:27 - 2014-03-04 12:27 - 10104832 _____ ((c) Phoenix Technologies Ltd. ) C:\Users\Ricky\Downloads\L702X_A19.exe
2014-03-04 11:42 - 2014-03-04 11:42 - 00010350 _____ () C:\Users\Public\Documents\SmartSource.MediaManager.application
2014-03-03 23:46 - 2014-03-08 14:22 - 00000000 ____D () C:\Users\Ricky\Desktop\mbar
2014-03-03 23:46 - 2014-03-08 09:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-03 23:45 - 2014-03-03 23:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ricky\Downloads\mbar-1.07.0.1009.exe
2014-03-03 23:44 - 2014-03-03 23:44 - 00003288 _____ () C:\Windows\System32\Tasks\{6E0B85B0-D2FC-409A-A0BE-8AB9FEC899DE}
2014-02-28 22:20 - 2014-02-28 22:20 - 00001887 _____ () C:\Users\Public\Desktop\Perfect Effects 8.lnk
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\ProgramData\Nalpeiron
2014-02-28 22:19 - 2014-02-28 22:19 - 00000000 ____D () C:\Program Files\onOne Software
2014-02-28 22:18 - 2014-02-28 22:19 - 00000000 ____D () C:\ProgramData\onOne Software
2014-02-28 22:18 - 2014-02-28 22:18 - 00000000 ____D () C:\Program Files (x86)\onOne Software
2014-02-28 22:18 - 2014-01-23 13:53 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
2014-02-28 22:18 - 2014-01-23 13:53 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\system32\nlssrv32.exe
2014-02-28 20:33 - 2014-02-28 20:36 - 276555368 _____ (onOne Software) C:\Users\Public\Documents\Perfect_Effects_8.1.0_PE.exe
2014-02-27 22:12 - 2014-02-27 22:17 - 239047446 ____R () C:\Users\Ricky\Downloads\NCIS.S11E10.HDTV.x264-LOL.mp4
2014-02-26 14:24 - 2014-02-26 14:24 - 00000811 _____ () C:\Users\Public\Desktop\TPE.lnk
2014-02-26 14:24 - 2014-02-26 14:24 - 00000000 ____D () C:\Program Files (x86)\TPE
2014-02-26 14:23 - 2014-02-26 14:23 - 02510340 _____ () C:\Users\Ricky\Downloads\tpe_1_1_1 (1).air
2014-02-26 13:51 - 2014-03-05 11:33 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian
2014-02-26 13:50 - 2014-02-26 13:50 - 00003248 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-02-26 13:38 - 2014-02-26 13:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\iPadian
2014-02-26 12:59 - 2014-02-26 12:59 - 00000650 _____ () C:\Users\Ricky\TPE Locations.kml
2014-02-25 22:53 - 2014-02-25 22:53 - 00026408 _____ () C:\Users\Ricky\Downloads\seats194.xlsx
2014-02-25 14:18 - 2014-02-25 14:18 - 00000000 ____D () C:\Users\Ricky\.thumbnails
2014-02-24 22:17 - 2014-03-15 13:01 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 22:17 - 2014-02-24 22:17 - 00002297 _____ () C:\Users\Ricky\Desktop\Chrome App Launcher.lnk
2014-02-24 22:17 - 2014-02-24 22:17 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-24 20:31 - 2014-02-24 20:32 - 00000000 ____D () C:\Users\Ricky\Documents\CannonFodder3
2014-02-24 20:20 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-24 20:17 - 2014-02-24 21:49 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-02-24 20:13 - 2014-02-24 20:13 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-24 20:12 - 2014-02-24 20:30 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\WildTangent
2014-02-24 20:12 - 2014-02-24 20:30 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-24 20:12 - 2014-02-24 20:30 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-02-24 12:57 - 2014-02-24 13:02 - 00004769 _____ () C:\WirelessDiagLog.csv
2014-02-23 18:40 - 2014-02-23 18:40 - 00034015 _____ () C:\Users\Ricky\Downloads\ben-more.gpx
2014-02-21 16:00 - 2014-02-21 16:00 - 00000011 _____ () C:\Users\Public\Documents\RBS weird phone number.txt
2014-02-21 12:16 - 2014-02-21 12:16 - 00027087 _____ () C:\Users\Ricky\Downloads\soapui.nzb
2014-02-20 12:44 - 2014-02-20 14:34 - 00000000 ____D () C:\Users\Ricky\Downloads\Iron.Man.2008.720p.BRRip.XviD.AC3-RARBG
==================== One Month Modified Files and Folders =======
2014-03-22 15:51 - 2012-05-05 03:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 15:50 - 2014-03-22 15:47 - 00000000 ____D () C:\FRST
2014-03-22 15:50 - 2013-12-21 12:21 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder
2014-03-22 15:48 - 2013-04-14 18:08 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D20EA9F3-DC89-458E-BA34-98ED90FC408A}
2014-03-22 15:45 - 2012-05-22 18:54 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Nero
2014-03-22 15:42 - 2014-03-22 15:39 - 00002586 _____ () C:\Users\Ricky\Desktop\Rkill.txt
2014-03-22 15:33 - 2012-05-13 21:04 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 15:33 - 2012-05-10 05:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752273353-578144960-589867486-1001UA.job
2014-03-22 15:33 - 2012-05-05 05:05 - 01715873 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 11:11 - 2012-05-13 21:04 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 07:13 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 07:13 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 07:08 - 2012-05-05 04:31 - 00000000 ____D () C:\ProgramData\Sonic
2014-03-22 07:07 - 2012-05-05 03:51 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-22 07:06 - 2013-11-19 21:01 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-03-22 07:06 - 2012-05-05 03:56 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-22 07:06 - 2012-05-05 03:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-22 07:05 - 2014-03-06 07:38 - 00003743 _____ () C:\Windows\setupact.log
2014-03-22 07:05 - 2013-08-12 15:52 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-22 07:05 - 2012-05-05 05:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-22 07:05 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 07:05 - 2009-07-14 04:45 - 05219648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-21 22:31 - 2012-05-09 21:01 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Windows Live
2014-03-21 22:19 - 2012-12-30 08:42 - 01037824 ___SH () C:\Users\Ricky\Downloads\Thumbs.db
2014-03-21 18:39 - 2013-05-22 20:28 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-21 18:39 - 2012-05-12 13:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-03-21 16:29 - 2012-05-09 20:22 - 00141360 _____ () C:\Users\Ricky\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-21 16:26 - 2012-05-23 07:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-21 16:26 - 2012-05-05 03:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-21 16:25 - 2012-05-23 07:05 - 00000000 ____D () C:\Program Files\Adobe
2014-03-21 14:08 - 2012-05-12 08:16 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\uTorrent
2014-03-21 14:01 - 2012-05-09 20:42 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Adobe
2014-03-21 13:40 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\Ricky\Downloads\Adobe Photoshop CC 14.2.1 Final Multilanguage [ChingLiu]
2014-03-21 13:27 - 2014-02-09 10:16 - 00000000 ____D () C:\Users\Ricky\Downloads\Adobe Bridge CC X64 LS20
2014-03-21 07:41 - 2013-01-09 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 23:15 - 2014-02-11 20:30 - 00000000 ____D () C:\Users\Ricky\.gimp-2.8
2014-03-20 20:42 - 2013-08-15 11:39 - 00000000 ____D () C:\Users\Ricky\Documents\Outlook Files
2014-03-20 19:59 - 2014-03-16 21:38 - 00000000 ____D () C:\Users\Ricky\AppData\Local\gtk-2.0
2014-03-20 19:23 - 2013-12-22 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 15:53 - 2014-03-20 15:53 - 00006429 _____ () C:\Users\Ricky\AppData\Local\recently-used.xbel
2014-03-20 13:33 - 2013-04-07 12:30 - 00000000 ____D () C:\Users\Ricky\Desktop\For the web
2014-03-20 12:46 - 2014-02-08 18:21 - 00000000 ____D () C:\Users\Ricky\Desktop\Untitled Export
2014-03-20 12:32 - 2014-03-20 12:31 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder (2)
2014-03-20 12:30 - 2013-11-04 21:05 - 01522176 ___SH () C:\Users\Ricky\Desktop\Thumbs.db
2014-03-20 12:06 - 2014-03-20 12:06 - 00096086 _____ () C:\Users\Ricky\Desktop\Extras.Txt
2014-03-20 12:03 - 2014-03-20 12:03 - 00256346 _____ () C:\Users\Ricky\Desktop\OTL.Txt
2014-03-20 10:09 - 2014-03-20 10:09 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR (1).exe
2014-03-20 10:05 - 2014-03-20 10:05 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR.exe
2014-03-20 09:50 - 2014-02-19 18:15 - 00000000 ____D () C:\Users\Ricky\Downloads\Google Nik Collection 1.1.1.0 (2014) (patch VVK) [ChingLiu]
2014-03-20 09:49 - 2014-03-20 09:49 - 00602112 _____ (OldTimer Tools) C:\Users\Ricky\Desktop\OTL.exe
2014-03-20 00:00 - 2013-08-01 15:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 23:58 - 2012-05-13 21:09 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Safer Networking
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Program Files (x86)\Safer Networking
2014-03-19 23:27 - 2012-05-10 05:06 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752273353-578144960-589867486-1001Core.job
2014-03-19 20:28 - 2012-09-16 11:45 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Mozilla
2014-03-19 20:23 - 2013-07-26 05:50 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\GlarySoft
2014-03-19 20:17 - 2013-12-15 20:19 - 00000000 ____D () C:\Users\Ryan
2014-03-19 20:17 - 2012-08-11 20:15 - 00000000 ____D () C:\Users\Guest
2014-03-19 20:17 - 2012-05-09 20:21 - 00000000 ____D () C:\Users\Ricky
2014-03-19 20:17 - 2012-05-05 05:06 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-03-19 20:17 - 2012-05-05 05:05 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-19 20:16 - 2013-08-06 07:18 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-19 20:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\security
2014-03-19 20:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-03-19 20:13 - 2012-05-12 08:55 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Skype
2014-03-19 20:12 - 2012-05-10 05:06 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Google
2014-03-19 19:45 - 2014-03-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-19 18:16 - 2012-05-10 05:05 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Deployment
2014-03-19 13:57 - 2013-07-26 06:16 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-03-18 16:01 - 2012-06-17 20:42 - 00143360 ___SH () C:\Users\Ricky\Documents\Thumbs.db
2014-03-18 13:43 - 2012-05-19 17:59 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Spotify
2014-03-18 12:38 - 2012-05-19 18:01 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Spotify
2014-03-18 10:57 - 2014-03-18 10:56 - 00858416 _____ () C:\Windows\Minidump\031814-37970-01.dmp
2014-03-18 10:56 - 2014-01-04 16:50 - 877600200 _____ () C:\Windows\MEMORY.DMP
2014-03-18 10:56 - 2012-07-14 09:32 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 23:09 - 2014-03-17 22:45 - 00000000 ____D () C:\Users\Ricky\Desktop\Clutha
2014-03-17 22:02 - 2012-06-10 07:33 - 00002767 _____ () C:\Users\Public\Desktop\SyncUP.lnk
2014-03-17 22:00 - 2012-05-05 04:41 - 00000000 ____D () C:\ProgramData\Nero
2014-03-17 14:34 - 2014-03-17 14:34 - 00001377 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 14:34 - 2013-06-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-17 14:34 - 2012-08-20 20:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-17 14:28 - 2014-03-08 14:24 - 00003442 _____ () C:\Windows\PFRO.log
2014-03-17 14:27 - 2013-06-22 06:58 - 00000818 _____ () C:\Windows\wininit.ini
2014-03-17 14:24 - 2014-03-17 14:24 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Ricky\Downloads\Spybot_Search_Destroy_v2.2.exe
2014-03-16 21:52 - 2014-03-16 21:20 - 00000000 ____D () C:\Users\Ricky\Desktop\Lightroom
2014-03-15 13:01 - 2014-02-24 22:17 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 13:12 - 2014-03-14 13:12 - 00000000 ____D () C:\Users\Ricky\Downloads\cycling-routes
2014-03-14 13:11 - 2014-03-14 13:11 - 00057035 _____ () C:\Users\Ricky\Downloads\cycling-routes.zip
2014-03-13 21:32 - 2012-05-17 07:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 21:32 - 2012-05-05 04:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 20:42 - 2013-02-09 16:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 22:08 - 2014-03-12 22:03 - 00623789 ____R () C:\Users\Ricky\Downloads\Glasgow Herald [Sun, 21 Jul 2013] - calibre.epub
2014-03-12 15:52 - 2012-05-05 03:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:52 - 2012-05-05 03:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 15:52 - 2012-05-05 03:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 14:22 - 2014-02-10 20:08 - 00001456 _____ () C:\Users\Ricky\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-11 21:31 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-11 17:06 - 2014-03-11 17:03 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA
2014-03-11 17:05 - 2014-03-11 17:05 - 00001345 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-11 17:05 - 2014-03-11 17:05 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA Corporation
2014-03-11 17:05 - 2012-05-05 05:04 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-11 17:03 - 2012-05-05 05:04 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-11 17:03 - 2012-05-05 05:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\system32\NV
2014-03-11 16:55 - 2014-03-11 16:55 - 00000000 ____D () C:\NVIDIA
2014-03-11 16:53 - 2014-03-11 16:52 - 276758080 _____ (NVIDIA Corporation) C:\Users\Ricky\Downloads\335.23-notebook-win8-win7-64bit-international-whql.exe
2014-03-08 14:32 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-08 14:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Cursors
2014-03-08 14:22 - 2014-03-03 23:46 - 00000000 ____D () C:\Users\Ricky\Desktop\mbar
2014-03-08 09:10 - 2014-03-08 09:10 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-08 09:09 - 2014-03-03 23:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-07 22:21 - 2014-03-07 22:21 - 00000000 ____D () C:\Users\Ricky\Downloads\The Essential Guide to Portraits - 4th Edition
2014-03-07 17:30 - 2014-03-07 17:30 - 00000000 ____D () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32
2014-03-07 17:19 - 2014-03-07 17:16 - 208584371 _____ () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32.zip
2014-03-07 13:59 - 2014-03-07 13:59 - 00000000 ____D () C:\Users\Ricky\Documents\Selenium test cases
2014-03-07 13:49 - 2014-03-07 13:49 - 00253160 _____ () C:\Users\Ricky\Downloads\junit-4.10.jar
2014-03-07 13:36 - 2014-03-07 13:36 - 00000000 ____D () C:\Users\Ricky\Downloads\selenium-java-2.40.0
2014-03-07 13:28 - 2014-03-07 13:22 - 00000000 ____D () C:\Users\Ricky\workspace
2014-03-07 13:08 - 2014-03-07 13:09 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-07 13:08 - 2014-03-07 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-07 13:08 - 2014-03-07 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-07 13:08 - 2014-03-07 13:09 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-07 13:08 - 2014-03-07 13:08 - 00000000 ____D () C:\Program Files\Java
2014-03-07 13:08 - 2014-03-07 13:07 - 30796712 _____ (Oracle Corporation) C:\Users\Ricky\Downloads\jre-7u51-windows-x64.exe
2014-03-07 12:52 - 2014-03-07 12:52 - 24024159 _____ () C:\Users\Ricky\Downloads\selenium-java-2.40.0.zip
2014-03-07 12:51 - 2014-03-07 12:51 - 34561710 _____ () C:\Users\Ricky\Downloads\selenium-server-standalone-2.40.0.jar
2014-03-07 09:47 - 2013-08-31 12:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\vlc
2014-03-07 09:46 - 2012-06-16 19:53 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\dvdcss
2014-03-07 09:28 - 2014-03-07 09:27 - 00000000 ____D () C:\Users\Ricky\Documents\Disc Images
2014-03-07 07:44 - 2014-03-07 07:44 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Skype
2014-03-07 07:44 - 2013-09-20 20:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 07:44 - 2012-05-05 03:54 - 00000000 ____D () C:\ProgramData\Skype
2014-03-06 22:55 - 2014-03-06 22:55 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\Ricky\Downloads\pwhe8.exe
2014-03-06 22:55 - 2014-03-06 22:55 - 00001247 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-03-06 22:55 - 2014-03-06 22:55 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2014-03-06 18:51 - 2014-03-05 11:55 - 00000000 ____D () C:\Users\Ricky\Downloads\Person.of.Interest.S02.Season.2.720p.BluRay.x264-DEMAND [PublicHD]
2014-03-06 18:42 - 2012-08-04 07:55 - 00008704 _____ () C:\Users\Ricky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-06 18:40 - 2013-10-14 18:59 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\DivX
2014-03-06 07:38 - 2014-03-06 07:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 21:54 - 2014-03-04 20:59 - 00000000 ____D () C:\Users\Ryan\Documents\Application
2014-03-05 21:07 - 2013-12-20 12:45 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Nero
2014-03-05 20:54 - 2014-01-28 17:24 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\NVIDIA
2014-03-05 20:46 - 2014-03-05 20:46 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00001382 _____ () C:\Users\Public\Desktop\Foxit Advanced PDF Editor.lnk
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Aspell
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Aspell
2014-03-05 11:47 - 2014-03-05 11:36 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-03-05 11:44 - 2014-03-05 11:44 - 00000000 ____D () C:\Users\Ricky\Downloads\Foxit Advanced PDF Editor v3.0.5 Incl Crack [TorDigger]
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Software
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-05 11:33 - 2014-02-26 13:51 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian
2014-03-05 11:20 - 2014-03-05 11:14 - 33488656 _____ (Foxit Corporation ) C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
2014-03-05 09:57 - 2014-03-05 09:57 - 00000015 _____ () C:\Users\Public\Documents\class.txt
2014-03-04 22:16 - 2014-03-04 22:16 - 01588492 _____ () C:\Users\Public\Documents\Documents1.zip
2014-03-04 22:14 - 2014-03-04 22:14 - 01588410 _____ () C:\Users\Public\Documents\Documents.zip
2014-03-04 22:08 - 2014-03-04 22:08 - 00420784 _____ (WinZip Computing) C:\Users\Ryan\Downloads\WinZip180.exe
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Users\Ryan\Desktop\Transcript_p1 (2)
2014-03-04 21:54 - 2014-03-04 21:54 - 02654628 _____ () C:\Users\Ryan\Desktop\Transcript_p1 (2).zip
2014-03-04 21:42 - 2014-03-04 21:42 - 00000000 ____D () C:\Users\Public\Documents\Degree_Transcript
2014-03-04 21:25 - 2014-03-04 21:32 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1 - Copy.zip
2014-03-04 21:25 - 2014-03-04 21:25 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1.rar
2014-03-04 21:25 - 2014-03-04 21:25 - 00556900 _____ () C:\Users\Ryan\Desktop\Transcript.part2.rar
2014-03-04 21:10 - 2014-03-04 21:39 - 01550452 _____ () C:\Users\Public\Documents\Degree_Transcript.zip
2014-03-04 18:49 - 2014-03-04 18:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Creative
2014-03-04 17:39 - 2012-05-05 04:19 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-04 17:39 - 2012-05-05 03:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 17:32 - 2014-03-04 17:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\tmp
2014-03-04 15:43 - 2012-05-09 20:25 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Adobe
2014-03-04 15:42 - 2012-05-09 20:25 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Creative
2014-03-04 15:19 - 2014-03-04 15:17 - 00000000 ____D () C:\Users\Ricky\Documents\Dell WebCam Central
2014-03-04 15:04 - 2014-03-04 15:04 - 155377792 _____ () C:\Users\Ricky\Downloads\Dell_SX2210-Monitor_Webcam SW RC1.1_ R230103 (1).exe
2014-03-04 14:44 - 2012-05-05 04:13 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-03-04 14:35 - 2014-03-11 16:58 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 00033736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-03-04 14:35 - 2014-03-11 16:57 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-04 14:35 - 2014-03-11 16:57 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00300320 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-03-04 14:35 - 2012-10-08 11:42 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-04 14:35 - 2012-05-05 04:26 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-04 14:23 - 2014-03-04 14:23 - 00000000 ____D () C:\Users\Ricky\Documents\Dell Webcam Center
2014-03-04 14:12 - 2014-03-04 14:06 - 147278480 _____ () C:\Users\Ricky\Downloads\R168730.EXE
2014-03-04 13:30 - 2014-03-04 13:30 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager (1).application
2014-03-04 13:28 - 2014-03-04 13:28 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager.application
2014-03-04 13:06 - 2012-05-05 05:05 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-04 13:06 - 2012-05-05 05:05 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-04 13:05 - 2012-05-05 05:05 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 01075032 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-04 13:05 - 2012-05-05 05:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-04 12:45 - 2014-03-04 12:45 - 02087752 _____ (Dell Inc) C:\Users\Ricky\Downloads\aulauncher.exe
2014-03-04 12:27 - 2014-03-04 12:27 - 10104832 _____ ((c) Phoenix Technologies Ltd. ) C:\Users\Ricky\Downloads\L702X_A19.exe
2014-03-04 11:42 - 2014-03-04 11:42 - 00010350 _____ () C:\Users\Public\Documents\SmartSource.MediaManager.application
2014-03-04 11:32 - 2014-03-11 17:01 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-04 07:05 - 2012-05-09 20:49 - 00000000 ____D () C:\ProgramData\Creative
2014-03-03 23:45 - 2014-03-03 23:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ricky\Downloads\mbar-1.07.0.1009.exe
2014-03-03 23:44 - 2014-03-03 23:44 - 00003288 _____ () C:\Windows\System32\Tasks\{6E0B85B0-D2FC-409A-A0BE-8AB9FEC899DE}
2014-03-03 16:12 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-03-02 20:39 - 2012-06-04 12:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\NVIDIA
2014-03-01 06:05 - 2014-03-13 07:31 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:17 - 2014-03-13 07:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:16 - 2014-03-13 07:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 - 2014-03-13 07:31 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:52 - 2014-03-13 07:31 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-13 07:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:42 - 2014-03-13 07:31 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:40 - 2014-03-13 07:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:37 - 2014-03-13 07:31 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:33 - 2014-03-13 07:31 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:33 - 2014-03-13 07:31 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:32 - 2014-03-13 07:31 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:30 - 2014-03-13 07:31 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 04:23 - 2014-03-13 07:31 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 - 2014-03-13 07:31 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:11 - 2014-03-13 07:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 04:02 - 2014-03-13 07:31 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 03:54 - 2014-03-13 07:31 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 03:52 - 2014-03-13 07:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 03:51 - 2014-03-13 07:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 03:47 - 2014-03-13 07:31 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 03:43 - 2014-03-13 07:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 03:43 - 2014-03-13 07:31 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 03:42 - 2014-03-13 07:31 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 03:40 - 2014-03-13 07:31 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 03:38 - 2014-03-13 07:31 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 03:37 - 2014-03-13 07:31 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 03:35 - 2014-03-13 07:31 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:18 - 2014-03-13 07:31 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:16 - 2014-03-13 07:31 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 03:14 - 2014-03-13 07:31 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 03:10 - 2014-03-13 07:31 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:03 - 2014-03-13 07:31 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 03:00 - 2014-03-13 07:31 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 02:57 - 2014-03-13 07:31 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 02:38 - 2014-03-13 07:31 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 02:32 - 2014-03-13 07:31 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 02:27 - 2014-03-13 07:31 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 02:25 - 2014-03-13 07:31 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 02:25 - 2014-03-13 07:31 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 22:20 - 2014-02-28 22:20 - 00001887 _____ () C:\Users\Public\Desktop\Perfect Effects 8.lnk
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\ProgramData\Nalpeiron
2014-02-28 22:19 - 2014-02-28 22:19 - 00000000 ____D () C:\Program Files\onOne Software
2014-02-28 22:19 - 2014-02-28 22:18 - 00000000 ____D () C:\ProgramData\onOne Software
2014-02-28 22:19 - 2013-12-15 20:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Adobe
2014-02-28 22:19 - 2012-08-11 20:15 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-02-28 22:18 - 2014-02-28 22:18 - 00000000 ____D () C:\Program Files (x86)\onOne Software
2014-02-28 20:36 - 2014-02-28 20:33 - 276555368 _____ (onOne Software) C:\Users\Public\Documents\Perfect_Effects_8.1.0_PE.exe
2014-02-27 22:17 - 2014-02-27 22:12 - 239047446 ____R () C:\Users\Ricky\Downloads\NCIS.S11E10.HDTV.x264-LOL.mp4
2014-02-26 22:38 - 2012-11-21 21:35 - 00000000 ___SD () C:\Users\Ricky\Google Drive
2014-02-26 14:24 - 2014-02-26 14:24 - 00000811 _____ () C:\Users\Public\Desktop\TPE.lnk
2014-02-26 14:24 - 2014-02-26 14:24 - 00000000 ____D () C:\Program Files (x86)\TPE
2014-02-26 14:23 - 2014-02-26 14:23 - 02510340 _____ () C:\Users\Ricky\Downloads\tpe_1_1_1 (1).air
2014-02-26 13:50 - 2014-02-26 13:50 - 00003248 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-02-26 13:38 - 2014-02-26 13:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\iPadian
2014-02-26 12:59 - 2014-02-26 12:59 - 00000650 _____ () C:\Users\Ricky\TPE Locations.kml
2014-02-26 12:20 - 2013-05-22 20:27 - 00000000 ____D () C:\Program Files\My Dell
2014-02-25 22:53 - 2014-02-25 22:53 - 00026408 _____ () C:\Users\Ricky\Downloads\seats194.xlsx
2014-02-25 21:38 - 2011-02-10 14:54 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 14:18 - 2014-02-25 14:18 - 00000000 ____D () C:\Users\Ricky\.thumbnails
2014-02-24 22:17 - 2014-02-24 22:17 - 00002297 _____ () C:\Users\Ricky\Desktop\Chrome App Launcher.lnk
2014-02-24 22:17 - 2014-02-24 22:17 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-24 21:49 - 2014-02-24 20:17 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-02-24 21:49 - 2013-09-08 20:27 - 00000000 ____D () C:\Users\Ricky\Downloads\NCIS.S10E02.HDTV.XviD-AFG
2014-02-24 21:49 - 2013-09-01 20:53 - 00000000 ____D () C:\Users\Ricky\Downloads\Star Wars Episode III Revenge of the Sith (2005) [1080p]
2014-02-24 21:49 - 2013-09-01 11:22 - 00000000 ____D () C:\Users\Ricky\Downloads\Despicable Me 2 2013 720p TS XviD MP3 MiLLENiUM
2014-02-24 21:49 - 2013-09-01 10:57 - 00000000 ____D () C:\Users\Ricky\Downloads\The Reluctant Fundamentalist[2012]BRRip XviD-ETRG
2014-02-24 21:49 - 2013-08-31 12:46 - 00000000 ____D () C:\Users\Ricky\Downloads\vlc-2.1.0-pre2-win32
2014-02-24 21:49 - 2013-08-22 21:18 - 00000000 ____D () C:\Users\Ricky\Downloads\Monty Python's Life of Brian (1979).DVDRip.XviD.Ekolb
2014-02-24 21:49 - 2013-08-20 07:00 - 00000000 ____D () C:\Users\Ricky\Downloads\Oblivion (2013) [1080p]
2014-02-24 21:49 - 2013-08-11 17:11 - 00000000 ____D () C:\Users\Ricky\Downloads\Microsoft Office 2010 Proffesional
2014-02-24 21:49 - 2013-07-22 14:43 - 00000000 ____D () C:\Users\Ricky\Downloads\RealTemp_370
2014-02-24 21:49 - 2013-01-28 05:05 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-02-24 21:49 - 2012-05-19 17:37 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Dell Edoc Viewer
2014-02-24 21:49 - 2012-05-05 03:17 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-24 21:49 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-24 20:32 - 2014-02-24 20:31 - 00000000 ____D () C:\Users\Ricky\Documents\CannonFodder3
2014-02-24 20:30 - 2014-02-24 20:12 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\WildTangent
2014-02-24 20:30 - 2014-02-24 20:12 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-24 20:30 - 2014-02-24 20:12 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-02-24 20:13 - 2014-02-24 20:13 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-24 13:02 - 2014-02-24 12:57 - 00004769 _____ () C:\WirelessDiagLog.csv
2014-02-23 18:40 - 2014-02-23 18:40 - 00034015 _____ () C:\Users\Ricky\Downloads\ben-more.gpx
2014-02-22 17:02 - 2013-07-27 08:15 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\DiskDefrag
2014-02-21 16:00 - 2014-02-21 16:00 - 00000011 _____ () C:\Users\Public\Documents\RBS weird phone number.txt
2014-02-21 12:27 - 2012-05-18 19:31 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Newsbin
2014-02-21 12:16 - 2014-02-21 12:16 - 00027087 _____ () C:\Users\Ricky\Downloads\soapui.nzb
2014-02-20 14:34 - 2014-02-20 12:44 - 00000000 ____D () C:\Users\Ricky\Downloads\Iron.Man.2008.720p.BRRip.XviD.AC3-RARBG
Files to move or delete:
====================
C:\ProgramData\PKP_DLdy.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\guitarpro.exe
C:\Users\Ricky\AppData\Local\Temp\Windows-Auth-Host-Service.exe
C:\Users\Ryan\AppData\Local\Temp\Windows-Auth-Host-Service.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-03 16:05
==================== End Of Log ============================
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
ProxyServer: localhost:21320
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {8AE39BE8-E198-4B5C-9DA4-49AF9C3DE02F} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D58CF460-165A-4AEB-81C0-2A35D9787E40} URL =
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
FF user.js: detected! => C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\user.js
CHR Extension: (WhiteSmoke New) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2014-02-24]
CHR HKLM\...\Chrome\Extension: - C:\Users\Ricky\AppData\Local\funmoods.crx [2012-12-25]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Ricky\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Ricky\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-30]
C:\ProgramData\PKP_DLdy.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Guest\AppData\Local\Temp\guitarpro.exe
C:\Users\Ricky\AppData\Local\Temp\Windows-Auth-Host-Service.exe
C:\Users\Ryan\AppData\Local\Temp\Windows-Auth-Host-Service.exe
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
CMD: ipconfig /flushdns
Reboot:
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
******************
Please download and run RogueKiller 32 Bit (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.
RogueKiller 64 Bit (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) <---use this one for 64 bit systems
Which system am I using? (http://support.microsoft.com/kb/827218)
Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Post back the report which should be located on your desktop.
Please post
Fixlog.txt
RogueKiller log
aranthrue
2014-03-23, 10:07
Hi Juliet, For future reference the url to Roguekiller is now http://www.adlice.com/softwares/roguekiller/
Fixlog.txt
=====================================================================================
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ricky at 2014-03-22 18:39:39 Run:1
Running from C:\Users\Ricky\Desktop\New folder
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
ProxyServer: localhost:21320
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {8AE39BE8-E198-4B5C-9DA4-49AF9C3DE02F} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D58CF460-165A-4AEB-81C0-2A35D9787E40} URL =
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
FF user.js: detected! => C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\user.js
CHR Extension: (WhiteSmoke New) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2014-02-24]
CHR HKLM\...\Chrome\Extension: - C:\Users\Ricky\AppData\Local\funmoods.crx [2012-12-25]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Ricky\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Ricky\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-05-30]
C:\ProgramData\PKP_DLdy.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Guest\AppData\Local\Temp\guitarpro.exe
C:\Users\Ricky\AppData\Local\Temp\Windows-Auth-Host-Service.exe
C:\Users\Ryan\AppData\Local\Temp\Windows-Auth-Host-Service.exe
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
CMD: ipconfig /flushdns
Reboot:
end
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D58CF460-165A-4AEB-81C0-2A35D9787E40} => Key deleted successfully.
HKCR\CLSID\{D58CF460-165A-4AEB-81C0-2A35D9787E40} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\user.js => Moved successfully.
C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Key deleted successfully.
"C:\Users\Ricky\AppData\Local\funmoods.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully.
C:\Users\Ricky\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully.
"C:\Users\Ricky\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
C:\ProgramData\PKP_DLdy.DAT => Moved successfully.
C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\guitarpro.exe => Moved successfully.
C:\Users\Ricky\AppData\Local\Temp\Windows-Auth-Host-Service.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Windows-Auth-Host-Service.exe => Moved successfully.
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog ====
ROGUEKILLER LOG
======================================================================================================
RogueKiller V8.8.12 _x64_ [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ricky [Admin rights]
Mode : Scan -- Date : 03/23/2014 07:57:09
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] DellSystemDetect.exe -- C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-] -> KILLED [TermProc]
[SUSP PATH] Audio-HD-Service.exe -- C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-752273353-578144960-589867486-1001\[...]\Run : DellSystemDetect (C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-752273353-578144960-589867486-1001\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 9d490dd7e6adfb6a473e12293cc8b6b4
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 MB
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST9500325AS +++++
--- User ---
[MBR] cd5e563f58f6c4f11e49249fbf9a78df
[BSP] 1b87bf9d260615b3f737422778593bb4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_03232014_075709.txt >>
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sometimes the below scan appears to be stalled, please be patient.
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Malwarebytes' Anti-Malware from
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please post
C:\AdwCleaner[S1].txt
JRT.txt
MBAM log
aranthrue
2014-03-23, 17:53
AdwCleaner
=====================================================================================
# AdwCleaner v3.022 - Report created 23/03/2014 at 14:54:36
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Ricky - RICKY-PC
# Running from : C:\Users\Ricky\Desktop\New folder\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Coonntuinnuoeettoysoavee
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Ricky\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Ricky\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Ricky\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Ricky\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Ricky\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
File Deleted : C:\END
[x] Not Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v24.4.0 (en-GB)
[ File : C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\prefs.js ]
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "e0d8e911-ac32-46cb-9897-202b0e1183cc");
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7845 octets] - [23/03/2014 14:51:31]
AdwCleaner[S0].txt - [7755 octets] - [23/03/2014 14:54:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7815 octets] ##########
JRT
===========================================================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Ricky on 23/03/2014 at 15:05:10.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Ricky\appdata\local\cre"
~~~ FireFox
Emptied folder: C:\Users\Ricky\AppData\Roaming\mozilla\firefox\profiles\tvmtgsdp.default\minidumps [16 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/03/2014 at 15:25:50.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MalwareBytes
======================================================================================================
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.23.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Ricky :: RICKY-PC [administrator]
23/03/2014 15:30:01
mbam-log-2014-03-23 (15-30-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295055
Time elapsed: 16 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Please update me on how the computer is at the moment.
aranthrue
2014-03-23, 22:54
I've just run Spybot again and Somoto is still reported. But now I've another high threat entry. Here is the Spybot log.
Search results from Spybot - Search & Destroy
23/03/2014 20:52:23
Scan took 00:23:21.
46 items found.
Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp
Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp
Win32.Agent.dif: [SBI $3F4EDA9F] Autorun settings (Audio HD Driver) (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Audio HD Driver
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-501\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-501\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-501\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-501\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $63036C95] Open with list - .CAB extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-501\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\WinRAR\ArcHistory
WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\WinRAR\ArcHistory
WinRAR: [SBI $A59A1C0A] Recent exe file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\WinRAR\DialogEditHistory\ArcName
WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\WinRAR\General\LastFolder
WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\WinRAR\General\LastFolder
WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\WinRAR\DialogEditHistory\ExtrPath
WinRAR: [SBI $F07BB023] Managed by wizard archives history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1005\Software\WinRAR\DialogEditHistory\WizArcName
Cookie: [SBI $49804B54] Browser: Cookie (6) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (134) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (116) (Browser: History, nothing done)
Cache: [SBI $49804B54] Browser: Cache (32) (Browser: Cache, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (58) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
Let's see if this helps.
Better Installer <-- see if this is in your add/remove programs list
Please Run TFC by OldTimer to clear temporary files:
Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
Quit all other programs
Double-click RogueKiller.exe
Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
[RUN][SUSP PATH] HKCU\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-752273353-578144960-589867486-1001\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> FOUND
Now click Delete
Another report will be created on your desktop.
Please post all of the RKreport.txt text files located on your desktop.
******************
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [Windows-Audio-HD-Driver-Component] - C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe [64512 2013-12-01] (Simon Tatham)
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\MountPoints2: {19b82ea9-a43b-11e1-9776-848f69d4b7b6} - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\MountPoints2: {297de788-eec3-11e1-a0fe-848f69d4b7b6} - G:\LaunchU3.exe -a
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\MountPoints2: {851200d3-54ed-11e2-b857-848f69d4b7b6} - G:\Startme.exe
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
Reboot:
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Please post these logs when finished.
aranthrue
2014-03-24, 14:13
Juliet, Better Installer is not listed in Add/Remove Programs
RKReport_S
=============================================================================================================
RogueKiller V8.8.12 _x64_ [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ricky [Admin rights]
Mode : Scan -- Date : 03/24/2014 11:42:24
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] DellSystemDetect.exe -- C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-] -> KILLED [TermProc]
[SUSP PATH] Audio-HD-Service.exe -- C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-752273353-578144960-589867486-1001\[...]\Run : DellSystemDetect (C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-752273353-578144960-589867486-1001\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 9d490dd7e6adfb6a473e12293cc8b6b4
dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 MB
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST9500325AS +++++
--- User ---
[MBR] cd5e563f58f6c4f11e49249fbf9a78df
[BSP] 1b87bf9d260615b3f737422778593bb4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_03242014_114224.txt >>
RKreport[0]_S_03232014_075709.txt
RKReport_D
=============================================================================================
RogueKiller V8.8.12 _x64_ [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ricky [Admin rights]
Mode : Remove -- Date : 03/24/2014 11:44:44
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] DellSystemDetect.exe -- C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-] -> KILLED [TermProc]
[SUSP PATH] Audio-HD-Service.exe -- C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> NOT SELECTED
[RUN][SUSP PATH] HKCU\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-752273353-578144960-589867486-1001\[...]\Run : DellSystemDetect (C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> NOT SELECTED
[RUN][SUSP PATH] HKUS\S-1-5-21-752273353-578144960-589867486-1001\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 9d490dd7e6adfb6a473e12293cc8b6b4
dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 MB
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST9500325AS +++++
--- User ---
[MBR] cd5e563f58f6c4f11e49249fbf9a78df
[BSP] 1b87bf9d260615b3f737422778593bb4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_03242014_114444.txt >>
RKreport[0]_S_03232014_075709.txt;RKreport[0]_S_03242014_114224.txt
FRST Fixlog.txt
===========================================================================================
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ricky at 2014-03-24 11:57:34 Run:2
Running from C:\Users\Ricky\Desktop\New folder
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [Windows-Audio-HD-Driver-Component] - C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe [64512 2013-12-01] (Simon Tatham)
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\MountPoints2: {19b82ea9-a43b-11e1-9776-848f69d4b7b6} - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\MountPoints2: {297de788-eec3-11e1-a0fe-848f69d4b7b6} - G:\LaunchU3.exe -a
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\MountPoints2: {851200d3-54ed-11e2-b857-848f69d4b7b6} - G:\Startme.exe
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
Reboot:
end
*****************
HKU\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Windows-Audio-HD-Driver-Component => Value not found.
HKU\S-1-5-21-752273353-578144960-589867486-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b82ea9-a43b-11e1-9776-848f69d4b7b6} => Key deleted successfully.
HKCR\CLSID\{19b82ea9-a43b-11e1-9776-848f69d4b7b6} => Key not found.
HKU\S-1-5-21-752273353-578144960-589867486-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{297de788-eec3-11e1-a0fe-848f69d4b7b6} => Key deleted successfully.
HKCR\CLSID\{297de788-eec3-11e1-a0fe-848f69d4b7b6} => Key not found.
HKU\S-1-5-21-752273353-578144960-589867486-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{851200d3-54ed-11e2-b857-848f69d4b7b6} => Key deleted successfully.
HKCR\CLSID\{851200d3-54ed-11e2-b857-848f69d4b7b6} => Key not found.
"C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart" => File/Directory not found.
The system needed a reboot.
==== End of Fixlog ====
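An added example, not part of the original thread or of either tool: a short Python check that reads the registry lines of the RogueKiller "Remove" report above and decides, per autorun value, whether it was actually removed. It treats `HKCU` as an alias of `HKUS\<SID>` for the logged-on user, so the `[0x2]` result on the second alias of a value that was just deleted is not counted as a failure; the SID used is assumed to be the logged-on user's, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Registry lines copied from the RogueKiller "Remove" report (RKReport_D) above.
REPORT_LINES = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> NOT SELECTED
[RUN][SUSP PATH] HKCU\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-752273353-578144960-589867486-1001\[...]\Run : DellSystemDetect (C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> NOT SELECTED
[RUN][SUSP PATH] HKUS\S-1-5-21-752273353-578144960-589867486-1001\[...]\Run : Windows-Audio-HD-Driver-Component ("C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe" [-]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
"""

# Assumption: this SID is the logged-on user's, which the matching HKCU/HKUS
# pairs in the report suggest. HKCU is then the same hive as HKUS\<SID>.
CURRENT_USER_SID = "S-1-5-21-752273353-578144960-589867486-1001"

# "[TAG][TAG] <key> : <value name> (<data>) -> <status>"
ENTRY = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+) "
    r"(?P<key>\S+) : (?P<name>\S+) "
    r"\((?P<data>.*)\) -> (?P<status>.+)$"
)


def parse_entries(report):
    """Yield (tags, key, name, status) for every registry line that matches."""
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["tags"], m["key"], m["name"], m["status"].strip()


def canonical_key(key, current_sid):
    """Rewrite HKCU\\... to HKUS\\<SID>\\... so both aliases compare equal."""
    if key.upper().startswith("HKCU\\"):
        return "HKUS\\" + current_sid + key[4:]
    return key


def verdict(statuses):
    """Collapse the statuses reported for one value (all aliases) to a verdict."""
    if "DELETED" in statuses:
        # A later "[0x2] ... cannot find the file" on the alias is expected:
        # the value was already gone when the tool reached the second path.
        return "removed"
    if all(s == "NOT SELECTED" for s in statuses):
        return "left in place"
    if all(s == "FOUND" for s in statuses):
        return "found, no action yet"
    return "needs review"


def summarise(report, current_sid):
    """Map (canonical key, value name), lower-cased, to a verdict."""
    groups = defaultdict(list)
    for _tags, key, name, status in parse_entries(report):
        alias = (canonical_key(key, current_sid).lower(), name.lower())
        groups[alias].append(status)
    return {alias: verdict(statuses) for alias, statuses in groups.items()}


if __name__ == "__main__":
    for (key, name), result in summarise(REPORT_LINES, CURRENT_USER_SID).items():
        print(f"{result:15} {key} : {name}")
```

The same reading fits the FRST Fixlog above, which reports "Value not found" for the Run value about thirteen minutes after RogueKiller logged it as DELETED.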
Run FRST one more time:
Type the following in the edit box after "Search:".
Somoto
Click Search button and post the log (Search.txt) it makes to your reply.
********
NEXT
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
Install the programme then run
Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:
Go to Step 4 and under "System Restore" click on Create button:
https://dl.dropbox.com/u/73555776/waio%20start.JPG
Go to Start Repairs tab and click Start button.
https://dl.dropbox.com/u/73555776/waio%20step3.JPG
Select the following items and tick restart system when finished
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair Hosts File
Remove Policies Set By Infections
Repair Missing Start menu Icons
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Set windows Services To Default
Repair MSI (windows Installer)
Repair File Associations
Repair windows Safe mode
Click on box next to the Restart System when Finished. Then click on Start.
After that come back and tell me if that has made a difference.
aranthrue
2014-03-24, 20:07
FRST search found nothing - log below
Ran Windows Repair as instructed
After restart I ran Spybot scan, and it's still finding Somoto BetterInstaller - log below
FRST Search
=============================================================================================
Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ricky at 2014-03-24 14:18:32
Running from C:\Users\Ricky\Desktop\New folder
Boot Mode: Normal
================== Search: "Somoto" ===================
====== End Of Search ======
Spybot Scan Result
=============================================================================================
Search results from Spybot - Search & Destroy
24/03/2014 17:56:37
Scan took 00:27:35.
28 items found.
Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp
Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Microsoft Management Console\Recent File List
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $63036C95] Open with list - .CAB extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList
Windows.OpenWith: [SBI $F1129B32] Open with list - .CPL extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\WinRAR\ArcHistory
WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-752273353-578144960-589867486-1001\Software\WinRAR\General\LastFolder
Cookie: [SBI $49804B54] Browser: Cookie (6) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (2215) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (123) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (58) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
Run FRST one more time:
Type the following in the edit box after "Search:".
BetterInstaller;CltMngSvc
Click the Search button and post the log it makes (Search.txt) in your reply.
NEXT
Open Farbar Recovery Scan Tool. Press the Scan button.
FRST.txt --please post this log.
There should be 2 logs for you to post
Before running a scan did you elevate Administrator permissions? How can I get administrator rights under Windows Vista / Windows 7 / Windows 8? (http://forums.spybot.info/showthread.php?t=55946)
aranthrue
2014-03-25, 00:31
FRST Search.txt
====================================================================================
Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ricky at 2014-03-24 22:13:48
Running from C:\Users\Ricky\Desktop\New folder
Boot Mode: Normal
================== Search: "BetterInstaller;CltMngSvc" ===================
====== End Of Search ======
FRST Scan in 2 parts
==============
FRST Scan part 1
============================================================================================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ricky (administrator) on RICKY-PC on 24-03-2014 22:20:25
Running from C:\Users\Ricky\Desktop\New folder
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Dell) C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
(Spotify Ltd) C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems) C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\Lightroom.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-26] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7284328 2011-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-08-29] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2034752 2011-08-08] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462991 2010-06-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [DellSystemDetect] - C:\Users\Ricky\AppData\Local\Apps\2.0\N7Y7VAL6.XPG\JA3PM5ZN.785\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [253952 2014-02-27] (Dell)
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [Google Update] - C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-10] (Google Inc.)
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [Spotify Web Helper] - C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-27] (Spotify Ltd)
HKU\S-1-5-21-752273353-578144960-589867486-1001\...\Run: [5C0E380FD917D0431EF279815D582B2D7A0EBB3D._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - {2F72DFC3-E470-4380-B7E0-B69CC342399C} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {A3523B44-BA57-4500-8259-63E052EE59F4} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
FireFox:
========
FF ProfilePath: C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.google.co.uk/
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=mcafee&type=A110GB105&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ricky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ricky\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ricky\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ricky\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Ricky\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ricky\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Selenium IDE: C# Formatters - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\csharpformatters@seleniumhq.org.xpi [2014-02-21]
FF Extension: Selenium IDE: Java Formatters - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\javaformatters@seleniumhq.org.xpi [2014-02-21]
FF Extension: Selenium IDE: Python Formatters - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\pythonformatters@seleniumhq.org.xpi [2014-02-21]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\rubyformatters@seleniumhq.org.xpi [2014-02-21]
FF Extension: Selenium IDE - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\tvmtgsdp.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2014-02-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-06-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2014-02-24]
CHR Extension: (Google Drive) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-25]
CHR Extension: (100,000 Books - Wattpad) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbiianmgbopnpohjfbkmdjmmdlndjfj [2014-02-24]
CHR Extension: (YouTube) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-25]
CHR Extension: (McAfee Security Scan+) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-24]
CHR Extension: (FTP Editor) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljonifjecojdgoejokjfdffgpgliic [2014-02-24]
CHR Extension: (Background Image for Google™ Homepage) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedihplmdadkgmhdlblolekfbpghnppa [2014-02-24]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-02-24]
CHR Extension: (Google Search) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-25]
CHR Extension: (Bing Maps Instant) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dphdjbpjmmdeijbhnnkamladknglcefc [2014-02-24]
CHR Extension: (Logitech SetPoint) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-06-09]
CHR Extension: (Radioplayer) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2014-02-24]
CHR Extension: (Tesco Food) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffibhmnkceoelgabpnpaaojflglampjb [2014-02-24]
CHR Extension: (PicMonkey) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-02-24]
CHR Extension: (SiteAdvisor) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-24]
CHR Extension: (Full Screen Weather) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-02-24]
CHR Extension: (Edmodo) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpcdidgjjebefhmlhjlgnkahlimgaemc [2014-03-03]
CHR Extension: (Close Tabs) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadafnnkijfmbbmeielphlapddbmgbgo [2014-02-24]
CHR Extension: (XML Tree) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbammbheopgpmaagmckhpjbfgdfkpadb [2014-02-24]
CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2014-02-24]
CHR Extension: (AdBlock) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-24]
CHR Extension: (TiltShiftMaker) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2014-02-24]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-02-24]
CHR Extension: (Google +1 Button) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-02-24]
CHR Extension: (BBC Good Food) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja [2014-02-24]
CHR Extension: (Virgin Media - TV Guide) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcibkmlmeajifpnkkagcokggjlmcone [2014-02-24]
CHR Extension: (Google Maps) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-02-24]
CHR Extension: (Google Play Books) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-02-24]
CHR Extension: (SkyDrive) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (imo free video calls and text) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2014-02-24]
CHR Extension: (Doffy) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\olemcgkilokfkkmhdamnkblnnkkedpoe [2014-02-24]
CHR Extension: (Sky+) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookngkjbobceimcicokadhjonlejhobj [2014-02-24]
CHR Extension: (Outlook.com) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-02-24]
CHR Extension: (Gmail) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-25]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-06-09]
==================== Services (Whitelisted) =================
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-29] (AVG Technologies)
S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-03-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-24 21:26 - 2014-03-24 21:26 - 00000000 ____D () C:\Users\Ricky\Desktop\Forth
2014-03-24 17:56 - 2014-03-24 17:56 - 00011184 _____ () C:\Users\Ricky\Desktop\Scan Results.140324-1756.txt
2014-03-24 16:38 - 2014-03-24 17:17 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-24 16:02 - 2014-03-24 16:02 - 00003288 _____ () C:\bootsqm.dat
2014-03-24 15:46 - 2014-03-24 15:46 - 00002157 _____ () C:\Users\Ricky\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-24 15:46 - 2014-03-24 15:46 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-03-24 15:45 - 2014-03-24 15:45 - 05198480 _____ () C:\Users\Ricky\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-03-24 15:45 - 2014-03-24 15:45 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-24 11:44 - 2014-03-24 11:44 - 00003695 _____ () C:\Users\Ricky\Desktop\RKreport[0]_D_03242014_114444.txt
2014-03-24 11:42 - 2014-03-24 11:42 - 00003543 _____ () C:\Users\Ricky\Desktop\RKreport[0]_S_03242014_114224.txt
2014-03-24 11:24 - 2014-03-24 11:24 - 00448512 _____ (OldTimer Tools) C:\Users\Ricky\Desktop\TFC.exe
2014-03-23 15:25 - 2014-03-23 15:25 - 00026050 _____ () C:\Users\Ricky\Desktop\JRT.txt
2014-03-23 15:05 - 2014-03-23 15:05 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 14:51 - 2014-03-23 14:55 - 00000000 ____D () C:\AdwCleaner
2014-03-23 07:57 - 2014-03-23 07:57 - 00003378 _____ () C:\Users\Ricky\Desktop\RKreport[0]_S_03232014_075709.txt
2014-03-23 07:51 - 2014-03-24 11:44 - 00000000 ____D () C:\Users\Ricky\Desktop\RK_Quarantine
2014-03-23 07:05 - 2014-03-23 07:05 - 00008295 _____ () C:\Users\Ricky\AppData\Local\recently-used.xbel
2014-03-23 07:00 - 2014-03-23 07:00 - 00000000 ____D () C:\Users\Ricky\AppData\Local\webkit
2014-03-22 18:26 - 2014-03-23 14:11 - 00000000 ____D () C:\Users\Ricky\Desktop\yelp
2014-03-22 16:04 - 2014-03-22 16:04 - 00002111 _____ () C:\Users\Ricky\Desktop\aswMBR.txt
2014-03-22 16:04 - 2014-03-22 16:04 - 00000512 _____ () C:\Users\Ricky\Desktop\MBR.dat
2014-03-22 15:47 - 2014-03-24 22:20 - 00000000 ____D () C:\FRST
2014-03-22 15:39 - 2014-03-22 15:42 - 00002586 _____ () C:\Users\Ricky\Desktop\Rkill.txt
2014-03-21 13:37 - 2014-03-21 13:40 - 00000000 ____D () C:\Users\Ricky\Downloads\Adobe Photoshop CC 14.2.1 Final Multilanguage [ChingLiu]
2014-03-20 12:31 - 2014-03-20 12:32 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder (2)
2014-03-20 12:06 - 2014-03-20 12:06 - 00096086 _____ () C:\Users\Ricky\Desktop\Extras.Txt
2014-03-20 12:03 - 2014-03-20 12:03 - 00256346 _____ () C:\Users\Ricky\Desktop\OTL.Txt
2014-03-20 10:09 - 2014-03-20 10:09 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR (1).exe
2014-03-20 10:05 - 2014-03-20 10:05 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR.exe
2014-03-20 09:49 - 2014-03-20 09:49 - 00602112 _____ (OldTimer Tools) C:\Users\Ricky\Desktop\OTL.exe
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Safer Networking
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Program Files (x86)\Safer Networking
2014-03-19 19:45 - 2014-03-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-18 10:56 - 2014-03-18 10:57 - 00858416 _____ () C:\Windows\Minidump\031814-37970-01.dmp
2014-03-17 22:45 - 2014-03-17 23:09 - 00000000 ____D () C:\Users\Ricky\Desktop\Clutha
2014-03-17 14:34 - 2014-03-17 14:34 - 00001377 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 14:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-17 14:24 - 2014-03-17 14:24 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Ricky\Downloads\Spybot_Search_Destroy_v2.2.exe
2014-03-16 21:38 - 2014-03-23 07:05 - 00000000 ____D () C:\Users\Ricky\AppData\Local\gtk-2.0
2014-03-16 21:20 - 2014-03-16 21:52 - 00000000 ____D () C:\Users\Ricky\Desktop\Lightroom
2014-03-14 13:12 - 2014-03-14 13:12 - 00000000 ____D () C:\Users\Ricky\Downloads\cycling-routes
2014-03-14 13:11 - 2014-03-14 13:11 - 00057035 _____ () C:\Users\Ricky\Downloads\cycling-routes.zip
2014-03-13 07:31 - 2014-03-01 06:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 07:31 - 2014-03-01 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 07:31 - 2014-03-01 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 07:31 - 2014-03-01 04:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 07:31 - 2014-03-01 04:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 07:31 - 2014-03-01 04:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 07:31 - 2014-03-01 04:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 07:31 - 2014-03-01 04:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 07:31 - 2014-03-01 04:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 07:31 - 2014-03-01 04:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 07:31 - 2014-03-01 04:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 07:31 - 2014-03-01 04:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 07:31 - 2014-03-01 04:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 07:31 - 2014-03-01 04:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 07:31 - 2014-03-01 04:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 07:31 - 2014-03-01 04:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 07:31 - 2014-03-01 04:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 07:31 - 2014-03-01 03:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 07:31 - 2014-03-01 03:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 07:31 - 2014-03-01 03:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 07:31 - 2014-03-01 03:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 07:31 - 2014-03-01 03:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 07:31 - 2014-03-01 03:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 07:31 - 2014-03-01 03:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 07:31 - 2014-03-01 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 07:31 - 2014-03-01 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 07:31 - 2014-03-01 03:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 07:31 - 2014-03-01 03:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 07:31 - 2014-03-01 03:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 07:31 - 2014-03-01 03:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 07:31 - 2014-03-01 03:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 07:31 - 2014-03-01 03:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 07:31 - 2014-03-01 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 07:31 - 2014-03-01 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 07:31 - 2014-03-01 02:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 07:31 - 2014-03-01 02:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 07:31 - 2014-03-01 02:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 07:31 - 2014-03-01 02:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 07:31 - 2014-03-01 02:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 07:31 - 2014-03-01 02:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 07:31 - 2014-02-07 01:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 07:31 - 2014-02-04 02:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 07:31 - 2014-02-04 02:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 07:31 - 2014-02-04 02:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 07:31 - 2014-02-04 02:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 07:31 - 2014-01-29 02:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 07:31 - 2014-01-29 02:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 07:31 - 2014-01-28 02:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 22:03 - 2014-03-12 22:08 - 00623789 ____R () C:\Users\Ricky\Downloads\Glasgow Herald [Sun, 21 Jul 2013] - calibre.epub
2014-03-11 17:05 - 2014-03-11 17:05 - 00001345 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-11 17:05 - 2014-03-11 17:05 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA Corporation
2014-03-11 17:04 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-03-11 17:04 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-03-11 17:04 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-03-11 17:04 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-03-11 17:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-03-11 17:03 - 2014-03-11 17:06 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA
2014-03-11 17:03 - 2014-02-05 09:31 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-11 17:03 - 2014-02-05 09:30 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\system32\NV
2014-03-11 17:01 - 2014-03-04 11:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-11 16:58 - 2014-03-04 14:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-11 16:58 - 2014-03-04 14:35 - 00033736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-03-11 16:58 - 2013-12-27 18:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-11 16:58 - 2013-12-27 18:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-11 16:58 - 2013-12-27 18:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-11 16:57 - 2014-03-04 14:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-11 16:57 - 2014-03-04 14:35 - 00300320 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-03-11 16:55 - 2014-03-11 16:55 - 00000000 ____D () C:\NVIDIA
2014-03-11 16:52 - 2014-03-11 16:53 - 276758080 _____ (NVIDIA Corporation) C:\Users\Ricky\Downloads\335.23-notebook-win8-win7-64bit-international-whql.exe
2014-03-08 14:24 - 2014-03-24 17:18 - 00003794 _____ () C:\Windows\PFRO.log
2014-03-07 22:21 - 2014-03-07 22:21 - 00000000 ____D () C:\Users\Ricky\Downloads\The Essential Guide to Portraits - 4th Edition
2014-03-07 17:30 - 2014-03-07 17:30 - 00000000 ____D () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32
2014-03-07 17:16 - 2014-03-07 17:19 - 208584371 _____ () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32.zip
2014-03-07 13:59 - 2014-03-07 13:59 - 00000000 ____D () C:\Users\Ricky\Documents\Selenium test cases
2014-03-07 13:49 - 2014-03-07 13:49 - 00253160 _____ () C:\Users\Ricky\Downloads\junit-4.10.jar
2014-03-07 13:36 - 2014-03-07 13:36 - 00000000 ____D () C:\Users\Ricky\Downloads\selenium-java-2.40.0
2014-03-07 13:22 - 2014-03-07 13:28 - 00000000 ____D () C:\Users\Ricky\workspace
2014-03-07 13:09 - 2014-03-07 13:08 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-07 13:09 - 2014-03-07 13:08 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-07 13:09 - 2014-03-07 13:08 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-07 13:09 - 2014-03-07 13:08 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-07 13:08 - 2014-03-07 13:08 - 00000000 ____D () C:\Program Files\Java
2014-03-07 13:07 - 2014-03-07 13:08 - 30796712 _____ (Oracle Corporation) C:\Users\Ricky\Downloads\jre-7u51-windows-x64.exe
aranthrue
2014-03-25, 00:34
FRST Scan part 2
===============================================================================================
2014-03-07 12:52 - 2014-03-07 12:52 - 24024159 _____ () C:\Users\Ricky\Downloads\selenium-java-2.40.0.zip
2014-03-07 12:51 - 2014-03-07 12:51 - 34561710 _____ () C:\Users\Ricky\Downloads\selenium-server-standalone-2.40.0.jar
2014-03-07 09:27 - 2014-03-07 09:28 - 00000000 ____D () C:\Users\Ricky\Documents\Disc Images
2014-03-07 07:44 - 2014-03-07 07:44 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Skype
2014-03-06 22:56 - 2013-09-30 16:26 - 03050808 _____ () C:\Windows\system32\pwNative.exe
2014-03-06 22:56 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
2014-03-06 22:56 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
2014-03-06 22:55 - 2014-03-06 22:55 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\Ricky\Downloads\pwhe8.exe
2014-03-06 22:55 - 2014-03-06 22:55 - 00001247 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-03-06 22:55 - 2014-03-06 22:55 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2014-03-06 07:38 - 2014-03-24 17:19 - 00005255 _____ () C:\Windows\setupact.log
2014-03-06 07:38 - 2014-03-06 07:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 20:46 - 2014-03-05 20:46 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:55 - 2014-03-06 18:51 - 00000000 ____D () C:\Users\Ricky\Downloads\Person.of.Interest.S02.Season.2.720p.BluRay.x264-DEMAND [PublicHD]
2014-03-05 11:47 - 2014-03-05 11:47 - 00001382 _____ () C:\Users\Public\Desktop\Foxit Advanced PDF Editor.lnk
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Aspell
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Aspell
2014-03-05 11:44 - 2014-03-05 11:44 - 00000000 ____D () C:\Users\Ricky\Downloads\Foxit Advanced PDF Editor v3.0.5 Incl Crack [TorDigger]
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Software
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-05 11:36 - 2014-03-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-03-05 11:14 - 2014-03-05 11:20 - 33488656 _____ (Foxit Corporation ) C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
2014-03-05 09:57 - 2014-03-05 09:57 - 00000015 _____ () C:\Users\Public\Documents\class.txt
2014-03-04 22:16 - 2014-03-04 22:16 - 01588492 _____ () C:\Users\Public\Documents\Documents1.zip
2014-03-04 22:14 - 2014-03-04 22:14 - 01588410 _____ () C:\Users\Public\Documents\Documents.zip
2014-03-04 22:08 - 2014-03-04 22:08 - 00420784 _____ (WinZip Computing) C:\Users\Ryan\Downloads\WinZip180.exe
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Users\Ryan\Desktop\Transcript_p1 (2)
2014-03-04 21:54 - 2014-03-04 21:54 - 02654628 _____ () C:\Users\Ryan\Desktop\Transcript_p1 (2).zip
2014-03-04 21:42 - 2014-03-04 21:42 - 00000000 ____D () C:\Users\Public\Documents\Degree_Transcript
2014-03-04 21:39 - 2014-03-04 21:10 - 01550452 _____ () C:\Users\Public\Documents\Degree_Transcript.zip
2014-03-04 21:32 - 2014-03-04 21:25 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1 - Copy.zip
2014-03-04 21:25 - 2014-03-04 21:25 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1.rar
2014-03-04 21:25 - 2014-03-04 21:25 - 00556900 _____ () C:\Users\Ryan\Desktop\Transcript.part2.rar
2014-03-04 20:59 - 2014-03-05 21:54 - 00000000 ____D () C:\Users\Ryan\Documents\Application
2014-03-04 18:49 - 2014-03-04 18:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Creative
2014-03-04 17:32 - 2014-03-04 17:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\tmp
2014-03-04 15:33 - 2010-06-07 16:45 - 00174848 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtClsFlt.sys
2014-03-04 15:33 - 2009-05-28 10:49 - 00224768 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtAudDrv.sys
2014-03-04 15:17 - 2014-03-04 15:19 - 00000000 ____D () C:\Users\Ricky\Documents\Dell WebCam Central
2014-03-04 15:04 - 2014-03-04 15:04 - 155377792 _____ () C:\Users\Ricky\Downloads\Dell_SX2210-Monitor_Webcam SW RC1.1_ R230103 (1).exe
2014-03-04 14:23 - 2014-03-04 14:23 - 00000000 ____D () C:\Users\Ricky\Documents\Dell Webcam Center
2014-03-04 14:06 - 2014-03-04 14:12 - 147278480 _____ () C:\Users\Ricky\Downloads\R168730.EXE
2014-03-04 13:30 - 2014-03-04 13:30 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager (1).application
2014-03-04 13:28 - 2014-03-04 13:28 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager.application
2014-03-04 12:45 - 2014-03-04 12:45 - 02087752 _____ (Dell Inc) C:\Users\Ricky\Downloads\aulauncher.exe
2014-03-04 12:27 - 2014-03-04 12:27 - 10104832 _____ ((c) Phoenix Technologies Ltd. ) C:\Users\Ricky\Downloads\L702X_A19.exe
2014-03-04 11:42 - 2014-03-04 11:42 - 00010350 _____ () C:\Users\Public\Documents\SmartSource.MediaManager.application
2014-03-03 23:46 - 2014-03-08 14:22 - 00000000 ____D () C:\Users\Ricky\Desktop\mbar
2014-03-03 23:46 - 2014-03-08 09:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-03 23:45 - 2014-03-03 23:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ricky\Downloads\mbar-1.07.0.1009.exe
2014-03-03 23:44 - 2014-03-03 23:44 - 00003288 _____ () C:\Windows\System32\Tasks\{6E0B85B0-D2FC-409A-A0BE-8AB9FEC899DE}
2014-02-28 22:20 - 2014-02-28 22:20 - 00001887 _____ () C:\Users\Public\Desktop\Perfect Effects 8.lnk
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\ProgramData\Nalpeiron
2014-02-28 22:19 - 2014-02-28 22:19 - 00000000 ____D () C:\Program Files\onOne Software
2014-02-28 22:18 - 2014-02-28 22:19 - 00000000 ____D () C:\ProgramData\onOne Software
2014-02-28 22:18 - 2014-02-28 22:18 - 00000000 ____D () C:\Program Files (x86)\onOne Software
2014-02-28 22:18 - 2014-01-23 13:53 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
2014-02-28 22:18 - 2014-01-23 13:53 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\system32\nlssrv32.exe
2014-02-28 20:33 - 2014-02-28 20:36 - 276555368 _____ (onOne Software) C:\Users\Public\Documents\Perfect_Effects_8.1.0_PE.exe
2014-02-27 22:12 - 2014-02-27 22:17 - 239047446 ____R () C:\Users\Ricky\Downloads\NCIS.S11E10.HDTV.x264-LOL.mp4
2014-02-26 14:24 - 2014-02-26 14:24 - 00000811 _____ () C:\Users\Public\Desktop\TPE.lnk
2014-02-26 14:24 - 2014-02-26 14:24 - 00000000 ____D () C:\Program Files (x86)\TPE
2014-02-26 14:23 - 2014-02-26 14:23 - 02510340 _____ () C:\Users\Ricky\Downloads\tpe_1_1_1 (1).air
2014-02-26 13:51 - 2014-03-05 11:33 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian
2014-02-26 13:38 - 2014-02-26 13:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\iPadian
2014-02-26 12:59 - 2014-02-26 12:59 - 00000650 _____ () C:\Users\Ricky\TPE Locations.kml
2014-02-25 22:53 - 2014-02-25 22:53 - 00026408 _____ () C:\Users\Ricky\Downloads\seats194.xlsx
2014-02-25 14:18 - 2014-02-25 14:18 - 00000000 ____D () C:\Users\Ricky\.thumbnails
2014-02-24 22:17 - 2014-03-15 13:01 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 22:17 - 2014-02-24 22:17 - 00002297 _____ () C:\Users\Ricky\Desktop\Chrome App Launcher.lnk
2014-02-24 22:17 - 2014-02-24 22:17 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-24 20:31 - 2014-02-24 20:32 - 00000000 ____D () C:\Users\Ricky\Documents\CannonFodder3
2014-02-24 20:20 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-24 20:17 - 2014-02-24 21:49 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-02-24 20:13 - 2014-02-24 20:13 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-24 20:12 - 2014-02-24 20:30 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\WildTangent
2014-02-24 20:12 - 2014-02-24 20:30 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-24 20:12 - 2014-02-24 20:30 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-02-24 12:57 - 2014-02-24 13:02 - 00004769 _____ () C:\WirelessDiagLog.csv
2014-02-23 18:40 - 2014-02-23 18:40 - 00034015 _____ () C:\Users\Ricky\Downloads\ben-more.gpx
==================== One Month Modified Files and Folders =======
2014-03-24 22:20 - 2014-03-22 15:47 - 00000000 ____D () C:\FRST
2014-03-24 22:20 - 2013-12-21 12:21 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder
2014-03-24 22:13 - 2012-05-22 18:54 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Nero
2014-03-24 21:59 - 2012-05-13 21:04 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 21:51 - 2012-05-05 03:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 21:27 - 2012-05-10 05:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752273353-578144960-589867486-1001UA.job
2014-03-24 21:26 - 2014-03-24 21:26 - 00000000 ____D () C:\Users\Ricky\Desktop\Forth
2014-03-24 20:51 - 2012-05-05 05:05 - 01862487 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 19:23 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-24 19:08 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-24 18:40 - 2013-04-14 18:08 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D20EA9F3-DC89-458E-BA34-98ED90FC408A}
2014-03-24 17:56 - 2014-03-24 17:56 - 00011184 _____ () C:\Users\Ricky\Desktop\Scan Results.140324-1756.txt
2014-03-24 17:26 - 2009-07-14 04:45 - 00026576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 17:26 - 2009-07-14 04:45 - 00026576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 17:24 - 2012-05-13 21:04 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 17:24 - 2012-05-05 03:51 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-24 17:23 - 2013-11-19 21:01 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-03-24 17:23 - 2012-05-05 03:56 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-24 17:23 - 2012-05-05 03:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-24 17:19 - 2014-03-06 07:38 - 00005255 _____ () C:\Windows\setupact.log
2014-03-24 17:19 - 2013-08-12 15:52 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-24 17:19 - 2012-05-05 05:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-24 17:19 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 17:19 - 2009-07-14 04:45 - 05217608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 17:18 - 2014-03-08 14:24 - 00003794 _____ () C:\Windows\PFRO.log
2014-03-24 17:17 - 2014-03-24 16:38 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-24 17:13 - 2009-07-14 02:34 - 00000546 _____ () C:\Windows\win.ini
2014-03-24 16:45 - 2012-05-09 20:22 - 00141360 _____ () C:\Users\Ricky\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 16:02 - 2014-03-24 16:02 - 00003288 _____ () C:\bootsqm.dat
2014-03-24 15:46 - 2014-03-24 15:46 - 00002157 _____ () C:\Users\Ricky\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-24 15:46 - 2014-03-24 15:46 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-03-24 15:45 - 2014-03-24 15:45 - 05198480 _____ () C:\Users\Ricky\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-03-24 15:45 - 2014-03-24 15:45 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-24 14:02 - 2012-05-23 07:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-24 14:01 - 2012-05-09 20:25 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Adobe
2014-03-24 13:54 - 2012-05-23 07:05 - 00000000 ____D () C:\Program Files\Adobe
2014-03-24 13:48 - 2012-05-05 03:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-24 13:37 - 2012-05-05 03:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-24 12:43 - 2009-07-14 02:34 - 00000854 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_644
2014-03-24 11:44 - 2014-03-24 11:44 - 00003695 _____ () C:\Users\Ricky\Desktop\RKreport[0]_D_03242014_114444.txt
2014-03-24 11:44 - 2014-03-23 07:51 - 00000000 ____D () C:\Users\Ricky\Desktop\RK_Quarantine
2014-03-24 11:42 - 2014-03-24 11:42 - 00003543 _____ () C:\Users\Ricky\Desktop\RKreport[0]_S_03242014_114224.txt
2014-03-24 11:30 - 2013-05-22 20:28 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-24 11:24 - 2014-03-24 11:24 - 00448512 _____ (OldTimer Tools) C:\Users\Ricky\Desktop\TFC.exe
2014-03-23 15:25 - 2014-03-23 15:25 - 00026050 _____ () C:\Users\Ricky\Desktop\JRT.txt
2014-03-23 15:05 - 2014-03-23 15:05 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 14:55 - 2014-03-23 14:51 - 00000000 ____D () C:\AdwCleaner
2014-03-23 14:11 - 2014-03-22 18:26 - 00000000 ____D () C:\Users\Ricky\Desktop\yelp
2014-03-23 07:57 - 2014-03-23 07:57 - 00003378 _____ () C:\Users\Ricky\Desktop\RKreport[0]_S_03232014_075709.txt
2014-03-23 07:55 - 2014-02-11 20:30 - 00000000 ____D () C:\Users\Ricky\.gimp-2.8
2014-03-23 07:05 - 2014-03-23 07:05 - 00008295 _____ () C:\Users\Ricky\AppData\Local\recently-used.xbel
2014-03-23 07:05 - 2014-03-16 21:38 - 00000000 ____D () C:\Users\Ricky\AppData\Local\gtk-2.0
2014-03-23 07:00 - 2014-03-23 07:00 - 00000000 ____D () C:\Users\Ricky\AppData\Local\webkit
2014-03-22 18:08 - 2013-04-07 12:30 - 00000000 ____D () C:\Users\Ricky\Desktop\For the web
2014-03-22 16:04 - 2014-03-22 16:04 - 00002111 _____ () C:\Users\Ricky\Desktop\aswMBR.txt
2014-03-22 16:04 - 2014-03-22 16:04 - 00000512 _____ () C:\Users\Ricky\Desktop\MBR.dat
2014-03-22 15:42 - 2014-03-22 15:39 - 00002586 _____ () C:\Users\Ricky\Desktop\Rkill.txt
2014-03-22 07:08 - 2012-05-05 04:31 - 00000000 ____D () C:\ProgramData\Sonic
2014-03-21 22:31 - 2012-05-09 21:01 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Windows Live
2014-03-21 22:19 - 2012-12-30 08:42 - 01037824 ___SH () C:\Users\Ricky\Downloads\Thumbs.db
2014-03-21 18:39 - 2012-05-12 13:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-03-21 14:08 - 2012-05-12 08:16 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\uTorrent
2014-03-21 14:01 - 2012-05-09 20:42 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Adobe
2014-03-21 13:40 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\Ricky\Downloads\Adobe Photoshop CC 14.2.1 Final Multilanguage [ChingLiu]
2014-03-21 13:27 - 2014-02-09 10:16 - 00000000 ____D () C:\Users\Ricky\Downloads\Adobe Bridge CC X64 LS20
2014-03-21 07:41 - 2013-01-09 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 20:42 - 2013-08-15 11:39 - 00000000 ____D () C:\Users\Ricky\Documents\Outlook Files
2014-03-20 19:23 - 2013-12-22 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 12:46 - 2014-02-08 18:21 - 00000000 ____D () C:\Users\Ricky\Desktop\Untitled Export
2014-03-20 12:32 - 2014-03-20 12:31 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder (2)
2014-03-20 12:30 - 2013-11-04 21:05 - 01522176 ___SH () C:\Users\Ricky\Desktop\Thumbs.db
2014-03-20 12:06 - 2014-03-20 12:06 - 00096086 _____ () C:\Users\Ricky\Desktop\Extras.Txt
2014-03-20 12:03 - 2014-03-20 12:03 - 00256346 _____ () C:\Users\Ricky\Desktop\OTL.Txt
2014-03-20 10:09 - 2014-03-20 10:09 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR (1).exe
2014-03-20 10:05 - 2014-03-20 10:05 - 04745728 _____ (AVAST Software) C:\Users\Ricky\Desktop\aswMBR.exe
2014-03-20 09:50 - 2014-02-19 18:15 - 00000000 ____D () C:\Users\Ricky\Downloads\Google Nik Collection 1.1.1.0 (2014) (patch VVK) [ChingLiu]
2014-03-20 09:49 - 2014-03-20 09:49 - 00602112 _____ (OldTimer Tools) C:\Users\Ricky\Desktop\OTL.exe
2014-03-20 00:00 - 2013-08-01 15:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 23:58 - 2012-05-13 21:09 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Safer Networking
2014-03-19 23:32 - 2014-03-19 23:32 - 00000000 ____D () C:\Program Files (x86)\Safer Networking
2014-03-19 23:27 - 2012-05-10 05:06 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752273353-578144960-589867486-1001Core.job
2014-03-19 20:28 - 2012-09-16 11:45 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Mozilla
2014-03-19 20:23 - 2013-07-26 05:50 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\GlarySoft
2014-03-19 20:17 - 2013-12-15 20:19 - 00000000 ____D () C:\Users\Ryan
2014-03-19 20:17 - 2012-08-11 20:15 - 00000000 ____D () C:\Users\Guest
2014-03-19 20:17 - 2012-05-09 20:21 - 00000000 ____D () C:\Users\Ricky
2014-03-19 20:17 - 2012-05-05 05:06 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-03-19 20:17 - 2012-05-05 05:05 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-19 20:16 - 2013-08-06 07:18 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-19 20:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\security
2014-03-19 20:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-03-19 20:13 - 2012-05-12 08:55 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Skype
2014-03-19 20:12 - 2012-05-10 05:06 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Google
2014-03-19 19:45 - 2014-03-19 19:45 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-19 18:16 - 2012-05-10 05:05 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Deployment
2014-03-19 13:57 - 2013-07-26 06:16 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-03-18 16:01 - 2012-06-17 20:42 - 00143360 ___SH () C:\Users\Ricky\Documents\Thumbs.db
2014-03-18 13:43 - 2012-05-19 17:59 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Spotify
2014-03-18 12:38 - 2012-05-19 18:01 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Spotify
2014-03-18 10:57 - 2014-03-18 10:56 - 00858416 _____ () C:\Windows\Minidump\031814-37970-01.dmp
2014-03-18 10:56 - 2014-01-04 16:50 - 877600200 _____ () C:\Windows\MEMORY.DMP
2014-03-18 10:56 - 2012-07-14 09:32 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 23:09 - 2014-03-17 22:45 - 00000000 ____D () C:\Users\Ricky\Desktop\Clutha
2014-03-17 22:02 - 2012-06-10 07:33 - 00002767 _____ () C:\Users\Public\Desktop\SyncUP.lnk
2014-03-17 22:00 - 2012-05-05 04:41 - 00000000 ____D () C:\ProgramData\Nero
2014-03-17 14:34 - 2014-03-17 14:34 - 00001377 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-17 14:34 - 2013-06-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-17 14:34 - 2012-08-20 20:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-17 14:27 - 2013-06-22 06:58 - 00000818 _____ () C:\Windows\wininit.ini
2014-03-17 14:24 - 2014-03-17 14:24 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Ricky\Downloads\Spybot_Search_Destroy_v2.2.exe
2014-03-16 21:52 - 2014-03-16 21:20 - 00000000 ____D () C:\Users\Ricky\Desktop\Lightroom
2014-03-15 13:01 - 2014-02-24 22:17 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 13:12 - 2014-03-14 13:12 - 00000000 ____D () C:\Users\Ricky\Downloads\cycling-routes
2014-03-14 13:11 - 2014-03-14 13:11 - 00057035 _____ () C:\Users\Ricky\Downloads\cycling-routes.zip
2014-03-13 21:32 - 2012-05-17 07:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 21:32 - 2012-05-05 04:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 20:42 - 2013-02-09 16:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 22:08 - 2014-03-12 22:03 - 00623789 ____R () C:\Users\Ricky\Downloads\Glasgow Herald [Sun, 21 Jul 2013] - calibre.epub
2014-03-12 15:52 - 2012-05-05 03:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:52 - 2012-05-05 03:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 15:52 - 2012-05-05 03:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 14:22 - 2014-02-10 20:08 - 00001456 _____ () C:\Users\Ricky\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-11 17:06 - 2014-03-11 17:03 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA
2014-03-11 17:05 - 2014-03-11 17:05 - 00001345 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-11 17:05 - 2014-03-11 17:05 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NVIDIA Corporation
2014-03-11 17:05 - 2012-05-05 05:04 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-11 17:03 - 2012-05-05 05:04 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-11 17:03 - 2012-05-05 05:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-03-11 17:01 - 2014-03-11 17:01 - 00000000 ____D () C:\Windows\system32\NV
2014-03-11 16:55 - 2014-03-11 16:55 - 00000000 ____D () C:\NVIDIA
2014-03-11 16:53 - 2014-03-11 16:52 - 276758080 _____ (NVIDIA Corporation) C:\Users\Ricky\Downloads\335.23-notebook-win8-win7-64bit-international-whql.exe
2014-03-08 14:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Cursors
2014-03-08 14:22 - 2014-03-03 23:46 - 00000000 ____D () C:\Users\Ricky\Desktop\mbar
2014-03-08 09:09 - 2014-03-03 23:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-07 22:21 - 2014-03-07 22:21 - 00000000 ____D () C:\Users\Ricky\Downloads\The Essential Guide to Portraits - 4th Edition
2014-03-07 17:30 - 2014-03-07 17:30 - 00000000 ____D () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32
2014-03-07 17:19 - 2014-03-07 17:16 - 208584371 _____ () C:\Users\Ricky\Downloads\eclipse-standard-kepler-R-win32.zip
2014-03-07 13:59 - 2014-03-07 13:59 - 00000000 ____D () C:\Users\Ricky\Documents\Selenium test cases
2014-03-07 13:49 - 2014-03-07 13:49 - 00253160 _____ () C:\Users\Ricky\Downloads\junit-4.10.jar
2014-03-07 13:36 - 2014-03-07 13:36 - 00000000 ____D () C:\Users\Ricky\Downloads\selenium-java-2.40.0
2014-03-07 13:28 - 2014-03-07 13:22 - 00000000 ____D () C:\Users\Ricky\workspace
2014-03-07 13:08 - 2014-03-07 13:09 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-07 13:08 - 2014-03-07 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-07 13:08 - 2014-03-07 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-07 13:08 - 2014-03-07 13:09 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-07 13:08 - 2014-03-07 13:08 - 00000000 ____D () C:\Program Files\Java
2014-03-07 13:08 - 2014-03-07 13:07 - 30796712 _____ (Oracle Corporation) C:\Users\Ricky\Downloads\jre-7u51-windows-x64.exe
2014-03-07 12:52 - 2014-03-07 12:52 - 24024159 _____ () C:\Users\Ricky\Downloads\selenium-java-2.40.0.zip
2014-03-07 12:51 - 2014-03-07 12:51 - 34561710 _____ () C:\Users\Ricky\Downloads\selenium-server-standalone-2.40.0.jar
2014-03-07 09:47 - 2013-08-31 12:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\vlc
2014-03-07 09:46 - 2012-06-16 19:53 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\dvdcss
2014-03-07 09:28 - 2014-03-07 09:27 - 00000000 ____D () C:\Users\Ricky\Documents\Disc Images
2014-03-07 07:44 - 2014-03-07 07:44 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Skype
2014-03-07 07:44 - 2013-09-20 20:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 07:44 - 2012-05-05 03:54 - 00000000 ____D () C:\ProgramData\Skype
2014-03-06 22:55 - 2014-03-06 22:55 - 20772800 _____ (MiniTool Solution Ltd. ) C:\Users\Ricky\Downloads\pwhe8.exe
2014-03-06 22:55 - 2014-03-06 22:55 - 00001247 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-03-06 22:55 - 2014-03-06 22:55 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2014-03-06 18:51 - 2014-03-05 11:55 - 00000000 ____D () C:\Users\Ricky\Downloads\Person.of.Interest.S02.Season.2.720p.BluRay.x264-DEMAND [PublicHD]
2014-03-06 18:42 - 2012-08-04 07:55 - 00008704 _____ () C:\Users\Ricky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-06 18:40 - 2013-10-14 18:59 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\DivX
2014-03-06 07:38 - 2014-03-06 07:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 21:54 - 2014-03-04 20:59 - 00000000 ____D () C:\Users\Ryan\Documents\Application
2014-03-05 21:07 - 2013-12-20 12:45 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Nero
2014-03-05 20:54 - 2014-01-28 17:24 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\NVIDIA
2014-03-05 20:46 - 2014-03-05 20:46 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00001382 _____ () C:\Users\Public\Desktop\Foxit Advanced PDF Editor.lnk
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Aspell
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Foxit Advanced PDF Editor
2014-03-05 11:47 - 2014-03-05 11:47 - 00000000 ____D () C:\ProgramData\Aspell
2014-03-05 11:47 - 2014-03-05 11:36 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-03-05 11:44 - 2014-03-05 11:44 - 00000000 ____D () C:\Users\Ricky\Downloads\Foxit Advanced PDF Editor v3.0.5 Incl Crack [TorDigger]
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Foxit Software
2014-03-05 11:37 - 2014-03-05 11:37 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-05 11:33 - 2014-02-26 13:51 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian
2014-03-05 11:20 - 2014-03-05 11:14 - 33488656 _____ (Foxit Corporation ) C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
2014-03-05 09:57 - 2014-03-05 09:57 - 00000015 _____ () C:\Users\Public\Documents\class.txt
2014-03-04 22:16 - 2014-03-04 22:16 - 01588492 _____ () C:\Users\Public\Documents\Documents1.zip
2014-03-04 22:14 - 2014-03-04 22:14 - 01588410 _____ () C:\Users\Public\Documents\Documents.zip
2014-03-04 22:08 - 2014-03-04 22:08 - 00420784 _____ (WinZip Computing) C:\Users\Ryan\Downloads\WinZip180.exe
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Users\Ryan\Desktop\Transcript_p1 (2)
2014-03-04 21:54 - 2014-03-04 21:54 - 02654628 _____ () C:\Users\Ryan\Desktop\Transcript_p1 (2).zip
2014-03-04 21:42 - 2014-03-04 21:42 - 00000000 ____D () C:\Users\Public\Documents\Degree_Transcript
2014-03-04 21:25 - 2014-03-04 21:32 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1 - Copy.zip
2014-03-04 21:25 - 2014-03-04 21:25 - 01022976 _____ () C:\Users\Ryan\Desktop\Transcript.part1.rar
2014-03-04 21:25 - 2014-03-04 21:25 - 00556900 _____ () C:\Users\Ryan\Desktop\Transcript.part2.rar
2014-03-04 21:10 - 2014-03-04 21:39 - 01550452 _____ () C:\Users\Public\Documents\Degree_Transcript.zip
2014-03-04 18:49 - 2014-03-04 18:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Creative
2014-03-04 17:39 - 2012-05-05 04:19 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-04 17:39 - 2012-05-05 03:34 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 17:32 - 2014-03-04 17:32 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\tmp
2014-03-04 15:42 - 2012-05-09 20:25 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Creative
2014-03-04 15:19 - 2014-03-04 15:17 - 00000000 ____D () C:\Users\Ricky\Documents\Dell WebCam Central
2014-03-04 15:04 - 2014-03-04 15:04 - 155377792 _____ () C:\Users\Ricky\Downloads\Dell_SX2210-Monitor_Webcam SW RC1.1_ R230103 (1).exe
2014-03-04 14:44 - 2012-05-05 04:13 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-03-04 14:35 - 2014-03-11 16:58 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-04 14:35 - 2014-03-11 16:58 - 00033736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-03-04 14:35 - 2014-03-11 16:57 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-04 14:35 - 2014-03-11 16:57 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-04 14:35 - 2014-03-11 16:57 - 00300320 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-03-04 14:35 - 2012-10-08 11:42 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-04 14:35 - 2012-05-05 04:26 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-04 14:35 - 2012-05-05 04:26 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-04 14:23 - 2014-03-04 14:23 - 00000000 ____D () C:\Users\Ricky\Documents\Dell Webcam Center
2014-03-04 14:12 - 2014-03-04 14:06 - 147278480 _____ () C:\Users\Ricky\Downloads\R168730.EXE
2014-03-04 13:30 - 2014-03-04 13:30 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager (1).application
2014-03-04 13:28 - 2014-03-04 13:28 - 00010350 _____ () C:\Users\Ricky\Downloads\SmartSource.MediaManager.application
2014-03-04 13:06 - 2012-05-05 05:05 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-04 13:06 - 2012-05-05 05:05 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-04 13:05 - 2012-05-05 05:05 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 01075032 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-04 13:05 - 2012-05-05 05:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-03-04 13:05 - 2012-05-05 05:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-04 12:45 - 2014-03-04 12:45 - 02087752 _____ (Dell Inc) C:\Users\Ricky\Downloads\aulauncher.exe
2014-03-04 12:27 - 2014-03-04 12:27 - 10104832 _____ ((c) Phoenix Technologies Ltd. ) C:\Users\Ricky\Downloads\L702X_A19.exe
2014-03-04 11:42 - 2014-03-04 11:42 - 00010350 _____ () C:\Users\Public\Documents\SmartSource.MediaManager.application
2014-03-04 11:32 - 2014-03-11 17:01 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-04 07:05 - 2012-05-09 20:49 - 00000000 ____D () C:\ProgramData\Creative
2014-03-03 23:45 - 2014-03-03 23:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ricky\Downloads\mbar-1.07.0.1009.exe
2014-03-03 23:44 - 2014-03-03 23:44 - 00003288 _____ () C:\Windows\System32\Tasks\{6E0B85B0-D2FC-409A-A0BE-8AB9FEC899DE}
2014-03-03 16:12 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-03-02 20:39 - 2012-06-04 12:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\NVIDIA
2014-03-01 06:05 - 2014-03-13 07:31 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:17 - 2014-03-13 07:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:16 - 2014-03-13 07:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 - 2014-03-13 07:31 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:52 - 2014-03-13 07:31 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-13 07:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:42 - 2014-03-13 07:31 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:40 - 2014-03-13 07:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:37 - 2014-03-13 07:31 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:33 - 2014-03-13 07:31 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:33 - 2014-03-13 07:31 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:32 - 2014-03-13 07:31 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:30 - 2014-03-13 07:31 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 04:23 - 2014-03-13 07:31 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 - 2014-03-13 07:31 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:11 - 2014-03-13 07:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 04:02 - 2014-03-13 07:31 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 03:54 - 2014-03-13 07:31 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 03:52 - 2014-03-13 07:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 03:51 - 2014-03-13 07:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 03:47 - 2014-03-13 07:31 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 03:43 - 2014-03-13 07:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 03:43 - 2014-03-13 07:31 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 03:42 - 2014-03-13 07:31 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 03:40 - 2014-03-13 07:31 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 03:38 - 2014-03-13 07:31 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 03:37 - 2014-03-13 07:31 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 03:35 - 2014-03-13 07:31 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:18 - 2014-03-13 07:31 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:16 - 2014-03-13 07:31 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 03:14 - 2014-03-13 07:31 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 03:10 - 2014-03-13 07:31 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:03 - 2014-03-13 07:31 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 03:00 - 2014-03-13 07:31 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 02:57 - 2014-03-13 07:31 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 02:38 - 2014-03-13 07:31 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 02:32 - 2014-03-13 07:31 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 02:27 - 2014-03-13 07:31 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 02:25 - 2014-03-13 07:31 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 02:25 - 2014-03-13 07:31 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 22:20 - 2014-02-28 22:20 - 00001887 _____ () C:\Users\Public\Desktop\Perfect Effects 8.lnk
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\onOne Software
2014-02-28 22:20 - 2014-02-28 22:20 - 00000000 ____D () C:\ProgramData\Nalpeiron
2014-02-28 22:19 - 2014-02-28 22:19 - 00000000 ____D () C:\Program Files\onOne Software
2014-02-28 22:19 - 2014-02-28 22:18 - 00000000 ____D () C:\ProgramData\onOne Software
2014-02-28 22:19 - 2013-12-15 20:20 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Adobe
2014-02-28 22:19 - 2012-08-11 20:15 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-02-28 22:18 - 2014-02-28 22:18 - 00000000 ____D () C:\Program Files (x86)\onOne Software
2014-02-28 20:36 - 2014-02-28 20:33 - 276555368 _____ (onOne Software) C:\Users\Public\Documents\Perfect_Effects_8.1.0_PE.exe
2014-02-27 22:17 - 2014-02-27 22:12 - 239047446 ____R () C:\Users\Ricky\Downloads\NCIS.S11E10.HDTV.x264-LOL.mp4
2014-02-26 22:38 - 2012-11-21 21:35 - 00000000 ___SD () C:\Users\Ricky\Google Drive
2014-02-26 14:24 - 2014-02-26 14:24 - 00000811 _____ () C:\Users\Public\Desktop\TPE.lnk
2014-02-26 14:24 - 2014-02-26 14:24 - 00000000 ____D () C:\Program Files (x86)\TPE
2014-02-26 14:23 - 2014-02-26 14:23 - 02510340 _____ () C:\Users\Ricky\Downloads\tpe_1_1_1 (1).air
2014-02-26 13:38 - 2014-02-26 13:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\iPadian
2014-02-26 12:59 - 2014-02-26 12:59 - 00000650 _____ () C:\Users\Ricky\TPE Locations.kml
2014-02-26 12:20 - 2013-05-22 20:27 - 00000000 ____D () C:\Program Files\My Dell
2014-02-25 22:53 - 2014-02-25 22:53 - 00026408 _____ () C:\Users\Ricky\Downloads\seats194.xlsx
2014-02-25 21:38 - 2011-02-10 14:54 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 14:18 - 2014-02-25 14:18 - 00000000 ____D () C:\Users\Ricky\.thumbnails
2014-02-24 22:17 - 2014-02-24 22:17 - 00002297 _____ () C:\Users\Ricky\Desktop\Chrome App Launcher.lnk
2014-02-24 22:17 - 2014-02-24 22:17 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-24 21:49 - 2014-02-24 20:17 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-02-24 21:49 - 2013-09-08 20:27 - 00000000 ____D () C:\Users\Ricky\Downloads\NCIS.S10E02.HDTV.XviD-AFG
2014-02-24 21:49 - 2013-09-01 20:53 - 00000000 ____D () C:\Users\Ricky\Downloads\Star Wars Episode III Revenge of the Sith (2005) [1080p]
2014-02-24 21:49 - 2013-09-01 11:22 - 00000000 ____D () C:\Users\Ricky\Downloads\Despicable Me 2 2013 720p TS XviD MP3 MiLLENiUM
2014-02-24 21:49 - 2013-09-01 10:57 - 00000000 ____D () C:\Users\Ricky\Downloads\The Reluctant Fundamentalist[2012]BRRip XviD-ETRG
2014-02-24 21:49 - 2013-08-31 12:46 - 00000000 ____D () C:\Users\Ricky\Downloads\vlc-2.1.0-pre2-win32
2014-02-24 21:49 - 2013-08-22 21:18 - 00000000 ____D () C:\Users\Ricky\Downloads\Monty Python's Life of Brian (1979).DVDRip.XviD.Ekolb
2014-02-24 21:49 - 2013-08-20 07:00 - 00000000 ____D () C:\Users\Ricky\Downloads\Oblivion (2013) [1080p]
2014-02-24 21:49 - 2013-08-11 17:11 - 00000000 ____D () C:\Users\Ricky\Downloads\Microsoft Office 2010 Proffesional
2014-02-24 21:49 - 2013-07-22 14:43 - 00000000 ____D () C:\Users\Ricky\Downloads\RealTemp_370
2014-02-24 21:49 - 2013-01-28 05:05 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-02-24 21:49 - 2012-05-19 17:37 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Dell Edoc Viewer
2014-02-24 21:49 - 2012-05-05 03:17 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-24 21:49 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-24 20:32 - 2014-02-24 20:31 - 00000000 ____D () C:\Users\Ricky\Documents\CannonFodder3
2014-02-24 20:30 - 2014-02-24 20:12 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\WildTangent
2014-02-24 20:30 - 2014-02-24 20:12 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-24 20:30 - 2014-02-24 20:12 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-02-24 20:13 - 2014-02-24 20:13 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-24 13:02 - 2014-02-24 12:57 - 00004769 _____ () C:\WirelessDiagLog.csv
2014-02-23 18:40 - 2014-02-23 18:40 - 00034015 _____ () C:\Users\Ricky\Downloads\ben-more.gpx
2014-02-22 17:02 - 2013-07-27 08:15 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\DiskDefrag
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-03 16:05
==================== End Of Log ============================
Not good when we see cracks/keygens
C:\Users\Ricky\Downloads\Foxit Advanced PDF Editor v3.0.5 Incl Crack [TorDigger]
They mostly come in bundled with unwanted added features.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:
C:\Users\Ryan\Downloads\WinZip180.exe
Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
****************
Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
aranthrue
2014-03-25, 13:28
Update
After running Spybot for my last message, I did not attempt to fix the problems. This morning I ran Spybot again, and this time I chose to fix the problems. I then rebooted and ran Spybot one more time. This time Somoto was not found. It looks like the work you asked me to do removed the underlying disease but left a 'cosmetic' entity which Spybot was able to remove.
Juliet, thank you, you've been a massive help. If you ever find yourself in Glasgow, I'm buying! I'll also be making donations to the guys whose applications I've used.
Thank you once again Juliet. :)
aranthrue
2014-03-25, 17:49
Sorry, Juliet, I did not see this post until now. I've had Malwarebytes for a number of years but I can't remember where I downloaded it from. I've therefore uninstalled it and installed it again as per your instruction. A scan is running right now. I'll post all results and upload the file on scan completion.
Update
After running Spybot for my last message, I did not attempt to fix the problems. This morning I ran Spybot again, and this time I chose to fix the problems. I then rebooted and ran Spybot one more time. This time Somoto was not found. It looks like the work you asked me to do removed the underlying disease but left a 'cosmetic' entity which Spybot was able to remove.
Juliet, thank you, you've been a massive help. If you ever find yourself in Glasgow, I'm buying! I'll also be making donations to the guys whose applications I've used.
Thank you once again Juliet. :)
I'll take you up on that beer!
I enjoy helping people who are grateful, and I do not expect to see much with the resulting scans.
After you report back with those, if there is a bad file we will remove it, then we'll remove tools and quarantine folders....giving preventive tips too.
aranthrue
2014-03-26, 01:54
Virus Total link - https://www.virustotal.com/en/file/15c1ce66a116441c79e1bacc0a0a0d3330d4f02fae7de1919549e513238864c4/analysis/
============================================================================================
Malwarebytes Scan - This found some of my Nikon RAW photograph files. Possibly because the file name started with an underscore. I cleaned them regardless.
============================================================================================
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 25/03/2014
Scan Time: 16:26:26
Logfile:
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.03.25.04
Rootkit Database: v2014.03.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ricky
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331405
Time Elapsed: 44 min, 59 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 6
PUP.Optional.FunMoods.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [98e0bb4c0e6d6bcb6ddc62b20bf717e9],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-752273353-578144960-589867486-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [98e0bb4c0e6d6bcb6ddc62b20bf717e9],
PUP.Optional.FunMoods.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [98e0bb4c0e6d6bcb6ddc62b20bf717e9],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-752273353-578144960-589867486-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [98e0bb4c0e6d6bcb6ddc62b20bf717e9],
PUP.Optional.Funmoods.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [5325d6314a31db5bd3c6260fa45e946c],
PUP.Optional.Funmoods.A, HKU\S-1-5-21-752273353-578144960-589867486-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [5325d6314a31db5bd3c6260fa45e946c],
Registry Values: 1
Trojan.Downloader, HKU\S-1-5-21-752273353-578144960-589867486-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Audio HD Driver, C:\Users\Guest\AppData\Local\Temp\guitarpro.exe, Quarantined, [91e77b8c83f89b9b74717c561ee4e11f]
Registry Data: 0
(No malicious items detected)
Folders: 4
Trojan.Agent, C:\Users\Ricky\20131226, Quarantined, [4533f90ec4b778be9abb430844be6898],
Trojan.Agent, C:\Users\Ricky\20131229, Quarantined, [6711db2cdd9ea5917dd8d972fb0720e0],
Trojan.Agent, C:\Users\Ricky\20140104, Quarantined, [91e7c641f784aa8cada88cbfcc36f10f],
Trojan.Agent, C:\Users\Ricky\20140105, Quarantined, [591f23e49eddfc3a9db81d2ec1415ba5],
Files: 94
Physical Sectors: 0
(No malicious items detected)
(end)
ESETSCAN
===========================================================================================================
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\guitarpro.exe.xBAD MSIL/Arcdoor.AK worm
C:\FRST\Quarantine\C\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.26.9.505_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\FRST\Quarantine\C\Users\Ricky\AppData\Local\Temp\Windows-Auth-Host-Service.exe.xBAD MSIL/Arcdoor.AK worm
C:\FRST\Quarantine\C\Users\Ryan\AppData\Local\Temp\Windows-Auth-Host-Service.exe.xBAD MSIL/Arcdoor.AK worm
C:\Program Files\Common Files\Windows-Auth-Host-Service.exe MSIL/Arcdoor.AK worm
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Guest\AppData\Roaming\guitarpro.exe MSIL/Arcdoor.AK worm
C:\Users\Guest\Downloads\Never_Blue04_8668_319894.exe Win32/InstallMonetizer.AG potentially unwanted application
C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe MSIL/Arcdoor.AK worm
C:\Users\Ricky\AppData\Roaming\GooglePlug\genius.exe MSIL/Arcdoor.AK worm
C:\Users\Ricky\Downloads\BickhamScriptFancy2_Font_Installer.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Ricky\Downloads\Core-Temp-setup.exe probably a variant of Win32/Complitly.A potentially unwanted application
C:\Users\Ricky\Downloads\CrK.rar a variant of MSIL/HackKMS.A potentially unsafe application
C:\Users\Ricky\Downloads\orionsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Ricky\Downloads\pal_install_r109888.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Ricky\Downloads\Unlockroot\Unlockroot\unlockroot.exe Win32/UnlockRoot potentially unsafe application
C:\Users\Ryan\AppData\Roaming\Audio-HD-Service.exe MSIL/Arcdoor.AK worm
C:\Users\Ryan\Downloads\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application
D:\My Documents\Downloads\easetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
D:\NewsBin\Amateur_Photographer_-_January_4_2014__UK.zip MSIL/TrojanDownloader.Agent.NZ trojan
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 10.zip a variant of Win32/OpenInstall potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 14.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 18.zip multiple threats
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 19.zip MSIL/Arcdoor.AK worm
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 27.zip a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 1.zip a variant of Win32/OpenCandy.A potentially unsafe application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 11.zip a variant of Win32/OpenInstall potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 15.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 20.zip Win32/UnlockRoot potentially unsafe application
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 21.zip MSIL/Arcdoor.AK worm
WINZIP180.exe - File Upload Manager refused to allow upload saying it was an invalid file
Did you speak too soon? These scans appear to have been productive. The beer's being kept cold. :)
I need a big cold one after that! Just joking.
You had infected backup files too.
I'm going to script Farbar Recovery Scan Tool to reboot the computer at the end to completely remove what was found.
Afterwards please give me an update on how the computer is behaving.
This will be my last post for the night since it's late here but I'll be back in the morning.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)
start
C:\Users\Ryan\Downloads\WinZip180.exe
C:\Program Files\Common Files\Windows-Auth-Host-Service.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\Users\Guest\AppData\Roaming\guitarpro.exe
C:\Users\Guest\Downloads\Never_Blue04_8668_319894.exe
C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe
C:\Users\Ricky\AppData\Roaming\GooglePlug\genius.exe
C:\Users\Ricky\Downloads\BickhamScriptFancy2_Font_Installer.exe
C:\Users\Ricky\Downloads\Core-Temp-setup.exe
C:\Users\Ricky\Downloads\CrK.rar
C:\Users\Ricky\Downloads\orionsetup.exe
C:\Users\Ricky\Downloads\pal_install_r109888.exe
C:\Users\Ricky\Downloads\Unlockroot\Unlockroot\unlockroot.exe
C:\Users\Ryan\AppData\Roaming\Audio-HD-Service.exe
D:\My Documents\Downloads\easetup.exe
D:\NewsBin\Amateur_Photographer_-_January_4_2014__UK.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 10.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 14.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 18.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 19.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 27.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 1.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 11.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 15.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 20.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 21.zip
Reboot:
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
aranthrue
2014-03-26, 10:36
FRST fixlog
===================================================================
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ricky at 2014-03-26 07:50:23 Run:3
Running from C:\Users\Ricky\Desktop\New Folder
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Users\Ryan\Downloads\WinZip180.exe
C:\Program Files\Common Files\Windows-Auth-Host-Service.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\Users\Guest\AppData\Roaming\guitarpro.exe
C:\Users\Guest\Downloads\Never_Blue04_8668_319894.exe
C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe
C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe
C:\Users\Ricky\AppData\Roaming\GooglePlug\genius.exe
C:\Users\Ricky\Downloads\BickhamScriptFancy2_Font_Installer.exe
C:\Users\Ricky\Downloads\Core-Temp-setup.exe
C:\Users\Ricky\Downloads\CrK.rar
C:\Users\Ricky\Downloads\orionsetup.exe
C:\Users\Ricky\Downloads\pal_install_r109888.exe
C:\Users\Ricky\Downloads\Unlockroot\Unlockroot\unlockroot.exe
C:\Users\Ryan\AppData\Roaming\Audio-HD-Service.exe
D:\My Documents\Downloads\easetup.exe
D:\NewsBin\Amateur_Photographer_-_January_4_2014__UK.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 10.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 14.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 18.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 19.zip
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 27.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 1.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 11.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 15.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 20.zip
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 21.zip
Reboot:
end
*****************
C:\Users\Ryan\Downloads\WinZip180.exe => Moved successfully.
C:\Program Files\Common Files\Windows-Auth-Host-Service.exe => Moved successfully.
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe => Moved successfully.
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe => Moved successfully.
C:\Users\Guest\AppData\Roaming\guitarpro.exe => Moved successfully.
C:\Users\Guest\Downloads\Never_Blue04_8668_319894.exe => Moved successfully.
C:\Users\Public\Documents\FoxitReader614.0217_enu_Setup.exe => Moved successfully.
C:\Users\Ricky\AppData\Roaming\Audio-HD-Service.exe => Moved successfully.
C:\Users\Ricky\AppData\Roaming\GooglePlug\genius.exe => Moved successfully.
C:\Users\Ricky\Downloads\BickhamScriptFancy2_Font_Installer.exe => Moved successfully.
C:\Users\Ricky\Downloads\Core-Temp-setup.exe => Moved successfully.
C:\Users\Ricky\Downloads\CrK.rar => Moved successfully.
C:\Users\Ricky\Downloads\orionsetup.exe => Moved successfully.
C:\Users\Ricky\Downloads\pal_install_r109888.exe => Moved successfully.
C:\Users\Ricky\Downloads\Unlockroot\Unlockroot\unlockroot.exe => Moved successfully.
C:\Users\Ryan\AppData\Roaming\Audio-HD-Service.exe => Moved successfully.
D:\My Documents\Downloads\easetup.exe => Moved successfully.
D:\NewsBin\Amateur_Photographer_-_January_4_2014__UK.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 10.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 14.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 18.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 19.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-02 202708\Backup Files 2014-03-02 202708\Backup files 27.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 1.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 11.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 15.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 20.zip => Moved successfully.
D:\RICKY-PC\Backup Set 2014-03-23 190004\Backup Files 2014-03-23 190004\Backup files 21.zip => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
Hope you slept well, Juliet. How is this looking?
Looks good to me, how's the computer now?
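Added example, not part of the original thread and not FRST's own code: a Python sketch of the check done by eye in the reply above, reconciling each fixlist entry in a Fixlog with its result line. The sample log, its paths and the non-success status text are constructed, and treating any fixlist line that ends in a colon as a directive is an assumption.

```python
import re

# Constructed sample in the layout of the Fixlog posted above (paths are made up).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Content of fixlist:
*****************
start
C:\Users\Example\Downloads\setup-a.exe
C:\Users\Example\AppData\Roaming\svc-b.exe
D:\Backups\Set 1\files 3.zip
Reboot:
end
*****************
C:\Users\Example\Downloads\setup-a.exe => Moved successfully.
C:\users\example\AppData\Roaming\svc-b.exe => constructed non-success status
The system needed a reboot.
==== End of Fixlog ====
"""

RESULT_RE = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$")

def parse_fixlog(text):
    """Return (requested paths, {lowercased path: status}) from a Fixlog."""
    requested, results, in_fixlist = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == "start":
            in_fixlist = True
        elif line.lower() == "end":
            in_fixlist = False
        elif in_fixlist:
            # Assumption: directives ("Reboot:") end in a colon, file paths do not.
            if line and not line.endswith(":"):
                requested.append(line)
        elif (m := RESULT_RE.match(line)):
            # Windows paths are case-insensitive, so key on the lowercased path.
            results[m.group("path").strip('"').lower()] = m.group("status")
    return requested, results

def review(text):
    """Sort every requested path into moved / other status / no result line."""
    requested, results = parse_fixlog(text)
    report = {"moved": [], "other": [], "missing": []}
    for path in requested:
        status = results.get(path.lower())
        if status is None:
            report["missing"].append(path)
        elif status == "Moved successfully.":
            report["moved"].append(path)
        else:
            report["other"].append((path, status))
    return report
```

A clean run like the one posted above leaves `other` and `missing` empty; anything in either list is worth a second look before the quarantine is deleted.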
aranthrue
2014-03-26, 17:56
Everything's ship shape and tickety boo. You're a star, Juliet. Once again, many thanks. I look forward to the beer. :)
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
start
DeleteQuarantine:
end
****************
Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
http://www.hdrcgb.org.uk/g2g/delfix.jpg
Click Run
Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.
***************************
You're good to go, good job!
Please take the time to read over a few of my preventive tips.
Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
To help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware
https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.
Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
AdblockPlus
AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
Click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
*********************************************
Please read the following safe computing articles.
Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
Glad we could help. :)
Since this issue appears resolved ... this Topic is closed.