Jump to content

afalwell

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. OK did as you said and disabled any p2p.. heres the scan and thank you very much! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01 Ran by adam (administrator) on WINDOWS7 on 17-04-2014 20:56:55Running from C:\Users\adam\DownloadsWindows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe() C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe(Adobe Systems Inc.) H:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe() C:\Windows\SysWOW64\PnkBstrA.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe(Microsoft Corporation) C:\Windows\System32\alg.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)HKLM\...\Run: [saiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)HKLM-x32\...\Run: [ASUS ShellProcess Execute] => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-11-25] (ASUSTeK Computer Inc.)HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [595144 2014-03-01] (Murray Hurps Software Pty Ltd)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => H:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] => H:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)HKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2639144 2010-11-26] (CyberLink Corp.)HKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)HKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4409480 2014-03-12] (Plex, Inc.)HKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)HKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -schedulerHKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\Run: [GoogleChromeAutoLaunch_8D10E1676597F4FC1374B4572ED3AE1B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-01] (Google Inc.)HKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\Run: [Google Update] => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-06] (Google Inc.)HKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\Run: [PyBitmessage] => C:\Bitmessage\Bitmessage.exe [15298071 2014-04-15] ()HKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\MountPoints2: {0e561709-a3d9-11e3-8e36-002683348d69} - K:\menu.exeHKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\MountPoints2: {47278540-76d9-11e3-bc45-806e6f6e6963} - G:\dvdcheck.exeHKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\MountPoints2: {d9577675-c09e-11e3-bb5f-002683348d69} - K:\iStudio.exeHKU\S-1-5-21-3499009517-249378216-1369760778-1000\...\MountPoints2: {f5c6c840-76cf-11e3-934b-806e6f6e6963} - E:\setup.exeStartup: C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnkShortcutTarget: Bitcoin.lnk -> C:\Program Files\Bitcoin\bitcoin-qt.exe ()Startup: C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\namecoin-qt - Shortcut.lnkShortcutTarget: namecoin-qt - Shortcut.lnk -> C:\namecoin\namecoin-qt.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE36E7D6FDA0ACF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usBHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Tcpip\..\Interfaces\{93752441-14E9-4AC4-9CCD-BA5C3BD8E2F7}: [NameServer]192.168.1.1 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @qq.com/npchrome - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No FileFF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No FileFF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat - H:\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\adam\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\adam\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - H:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - H:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-03-27] ==================== Services (Whitelisted) ================= R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)U2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe [1457664 2012-06-18] (ASUSTeK Computer Inc.)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-23] (Intel Corporation)S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-21] ()R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-01-02] ()R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2013-11-15] (Razer Inc)R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30888 2013-11-15] (Razer Inc)R3 SaiK0764; C:\Windows\System32\DRIVERS\SaiK0764.sys [175624 2010-10-13] (Saitek)R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2014-01-06] (Duplex Secure Ltd.)S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-17 20:56 - 2014-04-17 20:57 - 00020862 _____ () C:\Users\adam\Downloads\FRST.txt2014-04-17 20:56 - 2014-04-17 20:56 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64.exe2014-04-17 20:56 - 2014-04-17 20:56 - 00000000 ____D () C:\FRST2014-04-17 20:14 - 2014-04-17 20:15 - 00000243 _____ () C:\Users\adam\Downloads\namecoin.reg2014-04-17 04:56 - 2014-04-17 04:56 - 00000000 ___SD () C:\ComboFix2014-04-17 04:56 - 2014-04-17 04:56 - 00000000 ____D () C:\Windows\erdnt2014-04-17 04:56 - 2014-04-17 04:56 - 00000000 ____D () C:\Qoobox2014-04-17 04:56 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe2014-04-17 04:56 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe2014-04-17 04:56 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-04-17 04:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-04-17 04:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-04-17 04:56 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe2014-04-17 04:56 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe2014-04-17 04:56 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe2014-04-17 04:55 - 2014-04-17 04:55 - 00002798 _____ () C:\Users\adam\Desktop\RKreport[0]_S_04172014_045539.txt2014-04-17 04:53 - 2014-04-17 04:53 - 00000960 _____ () C:\Users\adam\Desktop\RKreport[0]_S_04172014_045322.txt2014-04-17 04:49 - 2014-04-17 04:55 - 00000000 ____D () C:\Users\adam\Desktop\RK_Quarantine2014-04-17 02:23 - 2014-04-17 20:51 - 00000000 ____D () C:\ProgramData\boost_interprocess2014-04-17 02:15 - 2014-04-17 02:19 - 00000000 ____D () C:\AdwCleaner2014-04-17 02:03 - 2014-04-17 02:03 - 00050477 _____ () C:\Users\adam\Downloads\Defogger.exe2014-04-17 02:03 - 2014-04-17 02:03 - 00000728 _____ () C:\Users\adam\Downloads\defogger_disable.log2014-04-17 02:03 - 2014-04-17 02:03 - 00000380 _____ () C:\Users\adam\defogger_reenable2014-04-17 00:31 - 2014-04-17 20:50 - 00001120 _____ () C:\Windows\setupact.log2014-04-17 00:31 - 2014-04-17 20:46 - 00001976 _____ () C:\Windows\PFRO.log2014-04-17 00:31 - 2014-04-17 00:31 - 00000000 _____ () C:\Windows\setuperr.log2014-04-17 00:13 - 2014-04-17 00:13 - 00001377 _____ () C:\Users\Public\Desktop\FolderSizes 7.lnk2014-04-17 00:13 - 2014-04-17 00:13 - 00000000 ____D () C:\ProgramData\Key Metric Software2014-04-17 00:13 - 2014-04-17 00:13 - 00000000 ____D () C:\ProgramData\2003-05.com.keymetricsoft2014-04-17 00:13 - 2014-04-17 00:13 - 00000000 ____D () C:\Program Files\Key Metric Software2014-04-17 00:12 - 2014-04-17 00:12 - 16964872 _____ (Key Metric Software) C:\Users\adam\Downloads\fs7-setup.exe2014-04-17 00:12 - 2014-04-17 00:12 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Key Metric Software2014-04-17 00:07 - 2014-04-17 00:07 - 00656118 _____ () C:\Users\adam\Documents\cc_20140417_000658.reg2014-04-17 00:07 - 2014-04-17 00:07 - 00000000 ____D () C:\Windows\pss2014-04-17 00:05 - 2014-04-17 00:05 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC2014-04-17 00:05 - 2014-04-17 00:05 - 00000000 ____D () C:\Program Files\CCleaner2014-04-17 00:00 - 2014-04-17 00:09 - 00000000 ___RD () C:\Users\adam\Desktop\Former Desktop Items2014-04-16 23:52 - 2014-04-16 23:52 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core2014-04-16 23:52 - 2014-04-16 23:52 - 00000000 ____D () C:\Program Files\Bitcoin2014-04-16 12:01 - 2014-04-16 12:03 - 00000000 ____D () C:\Users\adam\Documents\Tencent Files2014-04-16 12:01 - 2014-04-16 12:01 - 00000000 ____D () C:\Users\Public\Documents\Tencent2014-04-16 12:00 - 2009-02-18 02:51 - 00018760 _____ () C:\Windows\SysWOW64\QQVistaHelper.dll2014-04-16 05:18 - 2014-04-16 05:22 - 00000000 ____D () C:\dimg2014-04-16 05:18 - 2014-04-16 05:18 - 00000000 ____D () C:\Program Files (x86)\ImageWriter2014-04-16 05:07 - 2014-04-16 05:07 - 00000000 ____D () C:\Users\adam\AppData\Roaming\BaiduYunGuanjia2014-04-15 20:22 - 2014-04-15 20:26 - 00000000 ____D () C:\Bitmessage2014-04-15 19:33 - 2014-04-17 00:24 - 00000000 ____D () C:\Users\adam\AppData\Roaming\PyBitmessage2014-04-15 05:42 - 2014-04-17 20:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-04-15 05:42 - 2014-04-15 05:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-15 05:42 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-04-15 05:42 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-04-15 05:39 - 2014-04-15 05:46 - 00000000 ____D () C:\cpuminer2014-04-15 05:35 - 2014-04-15 05:35 - 00000121 _____ () C:\cudaminer.bat2014-04-15 05:27 - 2014-04-15 05:27 - 00000000 ____D () C:\cudaminer2014-04-15 05:24 - 2014-04-15 05:24 - 00000000 ____D () C:\mining2014-04-10 20:29 - 2014-04-10 20:29 - 00000000 ___RD () C:\Users\adam\AppData\Roaming\Brother2014-04-09 14:36 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-04-09 14:36 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-04-09 14:36 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-04-09 14:36 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-04-09 14:36 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2014-04-09 14:36 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2014-04-09 14:36 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2014-04-09 14:36 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2014-04-09 14:36 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2014-04-09 14:36 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2014-04-09 14:36 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2014-04-09 14:36 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2014-04-09 14:36 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2014-04-09 14:36 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2014-04-09 14:36 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2014-04-09 14:36 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys2014-04-09 14:36 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys2014-04-09 14:36 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys2014-04-09 14:36 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll2014-04-09 14:36 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll2014-04-09 14:36 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys2014-04-06 20:01 - 2014-04-06 20:01 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary2014-04-06 20:00 - 2014-04-17 20:12 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3499009517-249378216-1369760778-1000Core.job2014-04-06 20:00 - 2014-04-17 20:05 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3499009517-249378216-1369760778-1000UA.job2014-04-06 20:00 - 2014-04-06 20:00 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3499009517-249378216-1369760778-1000UA2014-04-06 20:00 - 2014-04-06 20:00 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3499009517-249378216-1369760778-1000Core2014-04-06 18:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll2014-04-06 18:56 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll2014-04-06 18:56 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll2014-04-06 18:46 - 2014-04-06 18:46 - 00000000 ____D () C:\ProgramData\PMB Files2014-04-06 18:46 - 2014-04-06 18:46 - 00000000 ____D () C:\Program Files (x86)\Pando Networks2014-04-06 18:45 - 2014-04-06 18:46 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Riot Games2014-03-29 18:29 - 2014-04-17 00:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-03-29 18:29 - 2014-03-29 18:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy2014-03-27 20:01 - 2014-03-27 20:01 - 00000000 ____D () C:\Users\adam\Documents\Fragments2014-03-27 19:58 - 2014-03-27 19:59 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe2014-03-27 19:40 - 2014-03-27 19:40 - 00000000 ____D () C:\Program Files\Adobe2014-03-27 19:38 - 2014-03-27 19:38 - 00000000 ____D () C:\ProgramData\ALM2014-03-27 19:29 - 2014-03-27 19:29 - 00000000 ____D () C:\Users\adam\Adobe Flash Builder 4.62014-03-27 19:14 - 2014-03-27 19:14 - 00000000 ____D () C:\Program Files (x86)\My Company Name2014-03-27 19:14 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys2014-03-27 19:14 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys2014-03-27 19:14 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys2014-03-27 19:11 - 2014-03-27 19:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia2014-03-27 19:11 - 2014-03-27 19:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia2014-03-27 19:04 - 2014-03-27 19:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-03-27 03:59 - 2014-03-27 03:59 - 00001515 _____ () C:\Users\adam\AppData\Roaming\SAS7_000.DAT2014-03-27 03:43 - 2014-03-27 03:43 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Nuance2014-03-27 03:09 - 2014-03-27 03:09 - 00000000 ____D () C:\ProgramData\Nuance2014-03-27 03:09 - 2014-03-27 03:09 - 00000000 ____D () C:\ProgramData\Macrovision2014-03-27 03:09 - 2014-03-27 03:09 - 00000000 ____D () C:\ProgramData\FLEXnet2014-03-27 03:05 - 2014-03-27 03:05 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Namecoin2014-03-27 03:04 - 2014-03-27 03:05 - 00000000 ____D () C:\namecoin2014-03-27 02:06 - 2014-04-15 04:37 - 00000000 ____D () C:\Windows\SysWOW64\apigidsys2014-03-27 02:06 - 2014-03-27 02:06 - 00000000 ____D () C:\Windows\msagent2014-03-27 02:06 - 2014-03-27 02:06 - 00000000 ____D () C:\Program Files (x86)\Zabaware2014-03-27 02:04 - 2014-03-27 02:04 - 00000000 ____D () C:\Windows\lhsp2014-03-27 02:04 - 2014-03-27 02:04 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haptek Player2014-03-27 02:04 - 2014-03-27 02:04 - 00000000 ____D () C:\Program Files (x86)\Haptek2014-03-27 02:04 - 2003-02-20 10:59 - 00413696 _____ (Haptek Inc) C:\Windows\SysWOW64\hapapi2.dll2014-03-26 23:29 - 2014-03-26 23:29 - 00000000 ____D () C:\Users\adam\AppData\Roaming\FLEXnet2014-03-20 13:56 - 2014-04-15 05:42 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Malwarebytes2014-03-20 13:55 - 2014-04-15 05:42 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-03-20 13:55 - 2014-04-15 05:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-03-20 13:55 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-03-19 10:28 - 2014-03-19 10:28 - 00000000 ____D () C:\Users\adam\Documents\My MQ Workspaces2014-03-19 10:01 - 2014-03-19 10:01 - 00000000 ____D () C:\Users\adam\Documents\My MQ Time Sales2014-03-19 06:28 - 2014-03-19 06:28 - 00000000 ____D () C:\Users\adam\.jstock2014-03-19 06:27 - 2014-03-19 06:29 - 00000780 _____ () C:\Users\adam\AppData\Roaming\Stock Meter_Settings.ini2014-03-19 06:26 - 2014-03-19 06:26 - 00000000 ____D () C:\Program Files (x86)\JStock2014-03-19 02:23 - 2014-03-21 10:45 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys ==================== One Month Modified Files and Folders ======= 2014-04-17 20:57 - 2014-04-17 20:56 - 00020862 _____ () C:\Users\adam\Downloads\FRST.txt2014-04-17 20:57 - 2014-04-15 05:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-04-17 20:56 - 2014-04-17 20:56 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64.exe2014-04-17 20:56 - 2014-04-17 20:56 - 00000000 ____D () C:\FRST2014-04-17 20:56 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI2014-04-17 20:52 - 2014-01-31 01:21 - 00000500 _____ () C:\Windows\system32\Drivers\etc\hosts.ics2014-04-17 20:51 - 2014-04-17 02:23 - 00000000 ____D () C:\ProgramData\boost_interprocess2014-04-17 20:50 - 2014-04-17 00:31 - 00001120 _____ () C:\Windows\setupact.log2014-04-17 20:48 - 2014-03-14 21:50 - 00000000 ___RD () C:\Users\adam\Google Drive2014-04-17 20:46 - 2014-04-17 00:31 - 00001976 _____ () C:\Windows\PFRO.log2014-04-17 20:46 - 2014-01-06 08:49 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-04-17 20:46 - 2014-01-06 08:42 - 00000000 ____D () C:\ProgramData\NVIDIA2014-04-17 20:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-04-17 20:45 - 2014-01-06 10:22 - 01216208 _____ () C:\Windows\WindowsUpdate.log2014-04-17 20:44 - 2014-01-06 07:57 - 00000000 ____D () C:\Program Files (x86)\ASUS2014-04-17 20:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-04-17 20:24 - 2014-01-06 08:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-04-17 20:16 - 2014-02-27 06:11 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Bitcoin2014-04-17 20:15 - 2014-04-17 20:14 - 00000243 _____ () C:\Users\adam\Downloads\namecoin.reg2014-04-17 20:12 - 2014-04-06 20:00 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3499009517-249378216-1369760778-1000Core.job2014-04-17 20:05 - 2014-04-06 20:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3499009517-249378216-1369760778-1000UA.job2014-04-17 15:01 - 2014-01-06 04:37 - 00000000 ____D () C:\.Trashes2014-04-17 15:01 - 2014-01-06 04:37 - 00000000 ____D () C:\.fseventsd2014-04-17 04:56 - 2014-04-17 04:56 - 00000000 ___SD () C:\ComboFix2014-04-17 04:56 - 2014-04-17 04:56 - 00000000 ____D () C:\Windows\erdnt2014-04-17 04:56 - 2014-04-17 04:56 - 00000000 ____D () C:\Qoobox2014-04-17 04:55 - 2014-04-17 04:55 - 00002798 _____ () C:\Users\adam\Desktop\RKreport[0]_S_04172014_045539.txt2014-04-17 04:55 - 2014-04-17 04:49 - 00000000 ____D () C:\Users\adam\Desktop\RK_Quarantine2014-04-17 04:53 - 2014-04-17 04:53 - 00000960 _____ () C:\Users\adam\Desktop\RKreport[0]_S_04172014_045322.txt2014-04-17 02:19 - 2014-04-17 02:15 - 00000000 ____D () C:\AdwCleaner2014-04-17 02:03 - 2014-04-17 02:03 - 00050477 _____ () C:\Users\adam\Downloads\Defogger.exe2014-04-17 02:03 - 2014-04-17 02:03 - 00000728 _____ () C:\Users\adam\Downloads\defogger_disable.log2014-04-17 02:03 - 2014-04-17 02:03 - 00000380 _____ () C:\Users\adam\defogger_reenable2014-04-17 02:03 - 2014-01-06 07:38 - 00000000 ____D () C:\Users\adam2014-04-17 00:31 - 2014-04-17 00:31 - 00000000 _____ () C:\Windows\setuperr.log2014-04-17 00:31 - 2014-02-14 10:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-04-17 00:28 - 2009-07-14 00:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-04-17 00:28 - 2009-07-14 00:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-04-17 00:26 - 2014-01-14 17:50 - 00000000 ____D () C:\Windows\system32\appmgmt2014-04-17 00:24 - 2014-04-15 19:33 - 00000000 ____D () C:\Users\adam\AppData\Roaming\PyBitmessage2014-04-17 00:13 - 2014-04-17 00:13 - 00001377 _____ () C:\Users\Public\Desktop\FolderSizes 7.lnk2014-04-17 00:13 - 2014-04-17 00:13 - 00000000 ____D () C:\ProgramData\Key Metric Software2014-04-17 00:13 - 2014-04-17 00:13 - 00000000 ____D () C:\ProgramData\2003-05.com.keymetricsoft2014-04-17 00:13 - 2014-04-17 00:13 - 00000000 ____D () C:\Program Files\Key Metric Software2014-04-17 00:12 - 2014-04-17 00:12 - 16964872 _____ (Key Metric Software) C:\Users\adam\Downloads\fs7-setup.exe2014-04-17 00:12 - 2014-04-17 00:12 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Key Metric Software2014-04-17 00:09 - 2014-04-17 00:00 - 00000000 ___RD () C:\Users\adam\Desktop\Former Desktop Items2014-04-17 00:08 - 2014-02-14 10:44 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-04-17 00:08 - 2014-01-14 02:09 - 00002964 _____ () C:\Windows\System32\Tasks\{892370A8-F135-454F-958C-BA9F2358C4EE}2014-04-17 00:07 - 2014-04-17 00:07 - 00656118 _____ () C:\Users\adam\Documents\cc_20140417_000658.reg2014-04-17 00:07 - 2014-04-17 00:07 - 00000000 ____D () C:\Windows\pss2014-04-17 00:06 - 2014-03-29 18:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-04-17 00:06 - 2014-01-09 18:39 - 00000000 ____D () C:\Users\adam\AppData\Roaming\uTorrent2014-04-17 00:06 - 2014-01-06 10:19 - 00000000 ____D () C:\Windows\Panther2014-04-17 00:06 - 2014-01-06 08:08 - 00000000 ____D () C:\Users\adam\AppData\Roaming\DAEMON Tools Pro2014-04-17 00:05 - 2014-04-17 00:05 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC2014-04-17 00:05 - 2014-04-17 00:05 - 00000000 ____D () C:\Program Files\CCleaner2014-04-17 00:01 - 2014-02-11 03:12 - 00000000 ____D () C:\Users\adam\AppData\Roaming\tixati2014-04-16 23:54 - 2014-01-06 07:40 - 00000000 ___RD () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-04-16 23:52 - 2014-04-16 23:52 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core2014-04-16 23:52 - 2014-04-16 23:52 - 00000000 ____D () C:\Program Files\Bitcoin2014-04-16 12:03 - 2014-04-16 12:01 - 00000000 ____D () C:\Users\adam\Documents\Tencent Files2014-04-16 12:01 - 2014-04-16 12:01 - 00000000 ____D () C:\Users\Public\Documents\Tencent2014-04-16 05:22 - 2014-04-16 05:18 - 00000000 ____D () C:\dimg2014-04-16 05:18 - 2014-04-16 05:18 - 00000000 ____D () C:\Program Files (x86)\ImageWriter2014-04-16 05:07 - 2014-04-16 05:07 - 00000000 ____D () C:\Users\adam\AppData\Roaming\BaiduYunGuanjia2014-04-15 20:26 - 2014-04-15 20:22 - 00000000 ____D () C:\Bitmessage2014-04-15 17:50 - 2014-03-15 21:08 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Dogecoin2014-04-15 05:46 - 2014-04-15 05:39 - 00000000 ____D () C:\cpuminer2014-04-15 05:42 - 2014-04-15 05:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-15 05:42 - 2014-03-20 13:56 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Malwarebytes2014-04-15 05:42 - 2014-03-20 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-15 05:42 - 2014-03-20 13:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-04-15 05:35 - 2014-04-15 05:35 - 00000121 _____ () C:\cudaminer.bat2014-04-15 05:27 - 2014-04-15 05:27 - 00000000 ____D () C:\cudaminer2014-04-15 05:24 - 2014-04-15 05:24 - 00000000 ____D () C:\mining2014-04-15 04:37 - 2014-03-27 02:06 - 00000000 ____D () C:\Windows\SysWOW64\apigidsys2014-04-14 01:36 - 2014-02-23 21:21 - 00000600 _____ () C:\Users\adam\AppData\Roaming\winscp.rnd2014-04-14 01:08 - 2014-01-06 08:30 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Adobe2014-04-10 20:29 - 2014-04-10 20:29 - 00000000 ___RD () C:\Users\adam\AppData\Roaming\Brother2014-04-10 10:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-04-10 03:02 - 2014-01-06 22:42 - 00000000 ____D () C:\Windows\system32\MRT2014-04-10 03:00 - 2014-01-06 22:42 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-04-06 20:01 - 2014-04-06 20:01 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary2014-04-06 20:00 - 2014-04-06 20:00 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3499009517-249378216-1369760778-1000UA2014-04-06 20:00 - 2014-04-06 20:00 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3499009517-249378216-1369760778-1000Core2014-04-06 18:46 - 2014-04-06 18:46 - 00000000 ____D () C:\ProgramData\PMB Files2014-04-06 18:46 - 2014-04-06 18:46 - 00000000 ____D () C:\Program Files (x86)\Pando Networks2014-04-06 18:46 - 2014-04-06 18:45 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Riot Games2014-04-03 09:51 - 2014-04-15 05:42 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-04-03 09:51 - 2014-04-15 05:42 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-04-03 09:50 - 2014-03-20 13:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-04-02 17:49 - 2014-01-11 02:17 - 00000000 ____D () C:\Program Files (x86)\TorGuard2014-03-31 16:19 - 2014-01-06 08:49 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-31 16:19 - 2014-01-06 08:49 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-31 16:08 - 2009-07-14 00:45 - 04924344 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-30 21:16 - 2014-04-09 14:36 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-30 21:13 - 2014-04-09 14:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-30 20:13 - 2014-04-09 14:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-03-30 19:57 - 2014-04-09 14:36 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-03-29 18:39 - 2014-03-29 18:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy2014-03-28 03:44 - 2014-01-24 20:47 - 00000000 ____D () C:\Program Files (x86)\Brother2014-03-27 20:01 - 2014-03-27 20:01 - 00000000 ____D () C:\Users\adam\Documents\Fragments2014-03-27 19:59 - 2014-03-27 19:58 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe2014-03-27 19:51 - 2014-01-25 03:15 - 00000000 ____D () C:\ProgramData\Adobe2014-03-27 19:47 - 2014-03-27 19:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-03-27 19:40 - 2014-03-27 19:40 - 00000000 ____D () C:\Program Files\Adobe2014-03-27 19:38 - 2014-03-27 19:38 - 00000000 ____D () C:\ProgramData\ALM2014-03-27 19:36 - 2014-01-25 03:15 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-03-27 19:29 - 2014-03-27 19:29 - 00000000 ____D () C:\Users\adam\Adobe Flash Builder 4.62014-03-27 19:14 - 2014-03-27 19:14 - 00000000 ____D () C:\Program Files (x86)\My Company Name2014-03-27 19:11 - 2014-03-27 19:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia2014-03-27 19:11 - 2014-03-27 19:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia2014-03-27 03:59 - 2014-03-27 03:59 - 00001515 _____ () C:\Users\adam\AppData\Roaming\SAS7_000.DAT2014-03-27 03:43 - 2014-03-27 03:43 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Nuance2014-03-27 03:09 - 2014-03-27 03:09 - 00000000 ____D () C:\ProgramData\Nuance2014-03-27 03:09 - 2014-03-27 03:09 - 00000000 ____D () C:\ProgramData\Macrovision2014-03-27 03:09 - 2014-03-27 03:09 - 00000000 ____D () C:\ProgramData\FLEXnet2014-03-27 03:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Speech2014-03-27 03:05 - 2014-03-27 03:05 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Namecoin2014-03-27 03:05 - 2014-03-27 03:04 - 00000000 ____D () C:\namecoin2014-03-27 02:06 - 2014-03-27 02:06 - 00000000 ____D () C:\Windows\msagent2014-03-27 02:06 - 2014-03-27 02:06 - 00000000 ____D () C:\Program Files (x86)\Zabaware2014-03-27 02:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help2014-03-27 02:04 - 2014-03-27 02:04 - 00000000 ____D () C:\Windows\lhsp2014-03-27 02:04 - 2014-03-27 02:04 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haptek Player2014-03-27 02:04 - 2014-03-27 02:04 - 00000000 ____D () C:\Program Files (x86)\Haptek2014-03-26 23:29 - 2014-03-26 23:29 - 00000000 ____D () C:\Users\adam\AppData\Roaming\FLEXnet2014-03-26 23:29 - 2014-01-24 22:02 - 00000000 _____ () C:\ProgramData\Gpu.log2014-03-21 10:45 - 2014-03-19 02:23 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys2014-03-19 10:28 - 2014-03-19 10:28 - 00000000 ____D () C:\Users\adam\Documents\My MQ Workspaces2014-03-19 10:01 - 2014-03-19 10:01 - 00000000 ____D () C:\Users\adam\Documents\My MQ Time Sales2014-03-19 06:29 - 2014-03-19 06:27 - 00000780 _____ () C:\Users\adam\AppData\Roaming\Stock Meter_Settings.ini2014-03-19 06:28 - 2014-03-19 06:28 - 00000000 ____D () C:\Users\adam\.jstock2014-03-19 06:26 - 2014-03-19 06:26 - 00000000 ____D () C:\Program Files (x86)\JStock2014-03-19 02:24 - 2014-01-06 08:28 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-09 00:14 ==================== End Of Log ============================
  2. Hello, I am a pro user.. and lately I have been getting notifications from Malwarebytes saying a malicious website has been blocked. It pops up and shows an IP address. This can happen randomly at anytime. The IP also usually is the same most of the time then changes about once a day. I have scanned and found nothing. Any help?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.