- Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-04-2014
- Ran by PC (administrator) on XEGANTHY on 30-04-2014 19:40:26
- Running from C:\Users\PC\Documents
- Microsoft Windows 7 Ultimate (X86) OS Language: English(US)
- Internet Explorer Version 8
- Boot Mode: Normal
- The only official download link for FRST:
- Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
- Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
- Download link from any site other than Bleeping Computer is unpermitted or outdated.
- See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
- (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
- () C:\Program Files\Garena Plus\ggdllhost.exe
- (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
- (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
- () C:\Program Files\Garena Plus\GarenaMessenger.exe
- (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
- (Microsoft Corporation) C:\Windows\System32\wscript.exe
- (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
- (BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
- (Valve Corporation) C:\Program Files\Steam\Steam.exe
- (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
- (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
- (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
- (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
- ==================== Registry (Whitelisted) ==================
- HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1202560 2011-07-05] (cFos Software GmbH)
- HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
- HKLM\...\Run: [kpcgrhynko] => wscript.exe //B "C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs" <===== ATTENTION
- HKLM\...\Runonce: [] - [X]
- HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
- HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
- HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [ASRockXTU] => [X]
- HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [zASRockInstantBoot] => [X]
- HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
- HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [uTorrent] => C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.)
- HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9899312 2014-02-26] ()
- HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-25] (AMD)
- HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [kpcgrhynko] => wscript.exe //B "C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs" <===== ATTENTION
- HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Winlogon: [Shell] explorer.exe [2613248 2013-07-27] (Microsoft Corporation) <==== ATTENTION
- Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs ()
- ==================== Internet (Whitelisted) ====================
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7B14524E08FDCD01
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
- SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
- SearchScopes: HKCU - {AE722643-A0F7-4402-9427-711BFAF3942E} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
- BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
- BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
- BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
- BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
- Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
- Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
- Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
- Tcpip\..\Interfaces\{D51333AA-8FC5-40B3-8C56-28DB2F10FBD9}: [NameServer]8.8.8.8
- FireFox:
- ========
- FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default
- FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
- FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
- FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
- FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
- FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
- FF Plugin: @t.garena.com/garenatalk - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
- FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
- FF Plugin: @wacom.com/wtPlugin,version=2.0.0.4 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
- FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
- FF Plugin HKCU: @g2.com/iggweb3dupdater - C:\Users\PC\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
- FF Plugin HKCU: @g2.com/joyconnectshell - C:\Users\PC\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
- FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
- FF Extension: FT DeepDark - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-22]
- FF Extension: YouTube Center - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-10-27]
- FF Extension: Reddit Enhancement Suite - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-04-29]
- FF Extension: Stratiform - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\Stratiform@SoapySpew.xpi [2013-09-15]
- FF Extension: Adblock Plus - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-15]
- FF Extension: Greasemonkey - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-15]
- FF Extension: Theme Font & Size Changer - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2013-11-30]
- FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
- FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-17]
- Chrome:
- =======
- CHR DefaultSearchKeyword: google.com.ph
- CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
- CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
- CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
- CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
- CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
- CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
- CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
- CHR Plugin: (Garena Talk Plugin) - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
- CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
- CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
- CHR Plugin: (IGG Web3D Updater NP Plugin for Mozilla) - C:\Users\PC\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
- CHR Plugin: (JoyConnectShell NP Plugin for Mozilla) - C:\Users\PC\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
- CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
- CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
- CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
- CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
- CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-10]
- CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
- CHR Extension: (Ghostery) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-08-15]
- CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]
- CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-02-17]
- ========================== Services (Whitelisted) =================
- S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-10-08] (Advanced Micro Devices, Inc.)
- R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
- R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [359808 2011-07-05] (cFos Software GmbH)
- S4 KMService; C:\Windows\system32\srvany.exe [8192 2013-06-26] ()
- S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] ()
- S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2013-07-03] ()
- S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
- S4 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [6321016 2012-01-23] (Wacom Technology, Corp.)
- S4 TouchServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [470904 2012-01-23] (Wacom Technology, Corp.)
- ==================== Drivers (Whitelisted) ====================
- R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
- R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-11] (Windows (R) Win 7 DDK provider)
- R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
- R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
- R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
- R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
- R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
- R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
- R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1180032 2011-07-05] (cFos Software GmbH)
- S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-13] (Windows (R) Win 7 DDK provider)
- R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
- R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [45056 2011-08-25] (Etron Technology Inc)
- R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64896 2011-08-25] (Etron Technology Inc)
- R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-30] (Malwarebytes Corporation)
- R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
- R3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
- S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
- S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
- S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- ==================== One Month Created Files and Folders ========
- 2014-04-30 19:40 - 2014-04-30 19:40 - 00014173 _____ () C:\Users\PC\Documents\FRST.txt
- 2014-04-30 19:40 - 2014-04-30 19:40 - 00000000 ____D () C:\FRST
- 2014-04-30 19:36 - 2014-04-30 19:36 - 00007919 _____ () C:\UsbFix [Listing 1] XEGANTHY.txt
- 2014-04-30 19:36 - 2014-04-30 19:36 - 00001448 _____ () C:\Users\PC\Desktop\UsbFix.lnk
- 2014-04-30 19:27 - 2014-04-30 19:27 - 00000000 ____D () C:\Users\PC\Documents\fixes
- 2014-04-30 19:23 - 2014-04-30 19:23 - 01052160 _____ (Farbar) C:\Users\PC\Documents\FRST.exe
- 2014-04-30 19:22 - 2014-04-30 19:36 - 00000000 ____D () C:\UsbFix
- 2014-04-30 19:22 - 2014-04-30 19:27 - 00008074 _____ () C:\UsbFix [Scan 1] XEGANTHY.txt
- 2014-04-30 19:16 - 2014-04-30 19:16 - 00655360 _____ () C:\Users\PC\Documents\MicrosoftFixit50471.msi
- 2014-04-30 19:13 - 2014-04-30 19:14 - 03006996 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\PC\Documents\UsbFix.exe
- 2014-04-29 16:36 - 2013-08-17 23:16 - 00167773 ___SH () C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs
- 2014-04-27 07:18 - 2014-04-28 10:46 - 256326537 ____R () C:\Users\PC\Downloads\[DeadFish] Fairy Tail (2014) - 04 [720p][AAC].mp4
- 2014-04-27 01:28 - 2014-04-30 00:06 - 236983739 ____R () C:\Users\PC\Downloads\[DeadFish] Akuma no Riddle - 04 [720p][AAC].mp4
- 2014-04-25 10:56 - 2014-04-25 10:56 - 00208496 _____ () C:\Windows\Minidump\042514-15678-01.dmp
- 2014-04-24 20:31 - 2014-04-24 20:31 - 00000012 _____ () C:\Users\PC\Documents\moose.txt
- 2014-04-24 16:04 - 2014-04-24 16:04 - 00000018 _____ () C:\Windows\cmm.dat
- 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Windows\CleanMem
- 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanMem
- 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Program Files\CleanMem
- 2014-04-24 11:44 - 2012-09-21 06:27 - 00061440 _____ (PcWinTech.com) C:\Windows\system32\CleanMem.exe
- 2014-04-24 11:44 - 2012-06-27 02:40 - 00000187 _____ () C:\Windows\system32\CleanMem.ini
- 2014-04-24 11:44 - 2009-02-22 14:53 - 00000565 _____ () C:\Windows\system32\CleanMem.exe.manifest
- 2014-04-23 21:36 - 2014-04-23 21:36 - 00000193 _____ () C:\Windows\WORDPAD.INI
- 2014-04-21 02:08 - 2014-04-21 02:08 - 00144400 _____ () C:\Windows\Minidump\042114-17175-01.dmp
- 2014-04-19 11:46 - 2014-04-19 11:47 - 06974773 _____ () C:\Users\PC\Documents\WBPG - Basics and Installers Intro pdf-35230-8-3.7z
- 2014-04-19 11:41 - 2014-04-30 19:39 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
- 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
- 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
- 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
- 2014-04-19 11:40 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
- 2014-04-19 11:40 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
- 2014-04-19 11:40 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
- 2014-04-15 16:03 - 2014-04-15 16:03 - 00144400 _____ () C:\Windows\Minidump\041514-16926-01.dmp
- 2014-04-14 20:42 - 2014-04-14 20:43 - 04182000 _____ (Black Tree Gaming ) C:\Users\PC\Documents\Nexus Mod Manager-0.49.2.exe
- 2014-04-14 09:58 - 2014-04-14 09:58 - 00182736 _____ () C:\Windows\Minidump\041414-26676-01.dmp
- 2014-04-14 09:20 - 2014-04-14 09:20 - 00266051 _____ () C:\Users\PC\Downloads\skse_1_06_16_installer.exe
- 2014-04-14 08:45 - 2014-04-14 08:48 - 12352845 _____ (BOSS Development Team) C:\Users\PC\Downloads\BOSS.Installer.exe
- 2014-04-14 02:21 - 2014-04-14 02:23 - 04182344 _____ (Black Tree Gaming ) C:\Users\PC\Documents\Nexus Mod Manager-0.49.3.exe
- 2014-04-13 13:38 - 2014-04-13 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Goat Simulator
- 2014-04-13 13:38 - 2014-04-13 13:38 - 00000000 ____D () C:\Program Files\Goat Simulator
- 2014-04-13 02:10 - 2014-04-13 02:17 - 00000000 ____D () C:\Users\PC\Downloads\Goat Simulator
- 2014-04-07 04:17 - 2014-04-07 04:17 - 00144400 _____ () C:\Windows\Minidump\040714-27034-01.dmp
- 2014-04-04 18:45 - 2013-07-14 16:47 - 00000088 _____ () C:\Program Files\update-CIV5.bat
- 2014-04-04 18:45 - 2012-06-15 18:24 - 00003153 _____ () C:\Program Files\visit-www.nosteam.ro.html
- 2014-04-04 18:36 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files\Civilization V
- 2014-04-04 18:27 - 2014-04-04 18:30 - 00000000 ____D () C:\Civilization V + DLC + Expansions PC MULTi-6 ^^nosTEAM^^
- 2014-04-03 22:33 - 2014-04-03 22:33 - 00144400 _____ () C:\Windows\Minidump\040314-13275-01.dmp
- ==================== One Month Modified Files and Folders =======
- 2014-04-30 19:40 - 2014-04-30 19:40 - 00014173 _____ () C:\Users\PC\Documents\FRST.txt
- 2014-04-30 19:40 - 2014-04-30 19:40 - 00000000 ____D () C:\FRST
- 2014-04-30 19:40 - 2013-01-28 11:17 - 00000000 ____D () C:\Users\PC\AppData\Roaming\uTorrent
- 2014-04-30 19:39 - 2014-04-19 11:41 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
- 2014-04-30 19:36 - 2014-04-30 19:36 - 00007919 _____ () C:\UsbFix [Listing 1] XEGANTHY.txt
- 2014-04-30 19:36 - 2014-04-30 19:36 - 00001448 _____ () C:\Users\PC\Desktop\UsbFix.lnk
- 2014-04-30 19:36 - 2014-04-30 19:22 - 00000000 ____D () C:\UsbFix
- 2014-04-30 19:27 - 2014-04-30 19:27 - 00000000 ____D () C:\Users\PC\Documents\fixes
- 2014-04-30 19:27 - 2014-04-30 19:22 - 00008074 _____ () C:\UsbFix [Scan 1] XEGANTHY.txt
- 2014-04-30 19:26 - 2009-07-14 12:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2014-04-30 19:26 - 2009-07-14 12:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2014-04-30 19:23 - 2014-04-30 19:23 - 01052160 _____ (Farbar) C:\Users\PC\Documents\FRST.exe
- 2014-04-30 19:23 - 2013-01-28 11:17 - 00010414 _____ () C:\Windows\system32\PerfStringBackup.INI
- 2014-04-30 19:22 - 2013-02-09 22:15 - 00000000 ____D () C:\Users\PC\AppData\Roaming\GarenaPlus
- 2014-04-30 19:22 - 2013-02-09 21:52 - 00000000 ____D () C:\ProgramData\GarenaMessenger
- 2014-04-30 19:20 - 2013-01-28 00:46 - 00000000 ____D () C:\Program Files\Steam
- 2014-04-30 19:19 - 2013-05-28 08:58 - 00089618 _____ () C:\Windows\setupact.log
- 2014-04-30 19:19 - 2009-07-14 12:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
- 2014-04-30 19:19 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
- 2014-04-30 19:16 - 2014-04-30 19:16 - 00655360 _____ () C:\Users\PC\Documents\MicrosoftFixit50471.msi
- 2014-04-30 19:14 - 2014-04-30 19:13 - 03006996 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\PC\Documents\UsbFix.exe
- 2014-04-30 15:20 - 2013-06-10 18:50 - 00000000 ____D () C:\Program Files\The Elder Scrolls V Skyrim
- 2014-04-30 15:20 - 2013-05-31 14:46 - 00000000 ____D () C:\Users\PC\AppData\Local\Skyrim
- 2014-04-30 00:06 - 2014-04-27 01:28 - 236983739 ____R () C:\Users\PC\Downloads\[DeadFish] Akuma no Riddle - 04 [720p][AAC].mp4
- 2014-04-29 16:03 - 2013-01-28 00:46 - 00000000 ____D () C:\Program Files\Common Files\Steam
- 2014-04-29 09:44 - 2013-03-26 12:43 - 00000000 ____D () C:\Users\PC\AppData\Roaming\foobar2000
- 2014-04-28 11:18 - 2013-01-28 14:21 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashDumps
- 2014-04-28 10:46 - 2014-04-27 07:18 - 256326537 ____R () C:\Users\PC\Downloads\[DeadFish] Fairy Tail (2014) - 04 [720p][AAC].mp4
- 2014-04-25 10:56 - 2014-04-25 10:56 - 00208496 _____ () C:\Windows\Minidump\042514-15678-01.dmp
- 2014-04-25 10:56 - 2013-10-06 14:04 - 00000000 ____D () C:\Windows\Minidump
- 2014-04-24 20:31 - 2014-04-24 20:31 - 00000012 _____ () C:\Users\PC\Documents\moose.txt
- 2014-04-24 16:04 - 2014-04-24 16:04 - 00000018 _____ () C:\Windows\cmm.dat
- 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Windows\CleanMem
- 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanMem
- 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Program Files\CleanMem
- 2014-04-23 21:36 - 2014-04-23 21:36 - 00000193 _____ () C:\Windows\WORDPAD.INI
- 2014-04-22 07:10 - 2013-06-01 17:30 - 00000000 ____D () C:\Users\PC\Documents\Nexus Mod Manager
- 2014-04-21 02:08 - 2014-04-21 02:08 - 00144400 _____ () C:\Windows\Minidump\042114-17175-01.dmp
- 2014-04-19 11:49 - 2013-08-05 05:54 - 00106966 _____ () C:\Windows\PFRO.log
- 2014-04-19 11:49 - 2013-01-29 18:24 - 00000000 ____D () C:\Windows\W7SBC
- 2014-04-19 11:47 - 2014-04-19 11:46 - 06974773 _____ () C:\Users\PC\Documents\WBPG - Basics and Installers Intro pdf-35230-8-3.7z
- 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
- 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
- 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
- 2014-04-18 01:49 - 2013-08-11 01:28 - 00016574 _____ () C:\Windows\WindowsUpdate.log
- 2014-04-16 19:19 - 2013-02-09 21:52 - 00000000 ____D () C:\Program Files\Garena Plus
- 2014-04-16 19:08 - 2014-04-04 18:36 - 00000000 ____D () C:\Program Files\Civilization V
- 2014-04-15 16:03 - 2014-04-15 16:03 - 00144400 _____ () C:\Windows\Minidump\041514-16926-01.dmp
- 2014-04-14 20:45 - 2013-06-01 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
- 2014-04-14 20:45 - 2013-06-01 17:29 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
- 2014-04-14 20:43 - 2014-04-14 20:42 - 04182000 _____ (Black Tree Gaming ) C:\Users\PC\Documents\Nexus Mod Manager-0.49.2.exe
- 2014-04-14 09:58 - 2014-04-14 09:58 - 00182736 _____ () C:\Windows\Minidump\041414-26676-01.dmp
- 2014-04-14 09:20 - 2014-04-14 09:20 - 00266051 _____ () C:\Users\PC\Downloads\skse_1_06_16_installer.exe
- 2014-04-14 08:50 - 2013-12-01 00:10 - 00000000 ____D () C:\ProgramData\Package Cache
- 2014-04-14 08:50 - 2013-06-02 17:48 - 00000000 ____D () C:\BOSS
- 2014-04-14 08:48 - 2014-04-14 08:45 - 12352845 _____ (BOSS Development Team) C:\Users\PC\Downloads\BOSS.Installer.exe
- 2014-04-14 02:23 - 2014-04-14 02:21 - 04182344 _____ (Black Tree Gaming ) C:\Users\PC\Documents\Nexus Mod Manager-0.49.3.exe
- 2014-04-13 13:40 - 2013-04-05 01:23 - 00000000 ____D () C:\Users\PC\Documents\My Games
- 2014-04-13 13:38 - 2014-04-13 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Goat Simulator
- 2014-04-13 13:38 - 2014-04-13 13:38 - 00000000 ____D () C:\Program Files\Goat Simulator
- 2014-04-13 02:17 - 2014-04-13 02:10 - 00000000 ____D () C:\Users\PC\Downloads\Goat Simulator
- 2014-04-07 04:17 - 2014-04-07 04:17 - 00144400 _____ () C:\Windows\Minidump\040714-27034-01.dmp
- 2014-04-04 18:30 - 2014-04-04 18:27 - 00000000 ____D () C:\Civilization V + DLC + Expansions PC MULTi-6 ^^nosTEAM^^
- 2014-04-03 22:33 - 2014-04-03 22:33 - 00144400 _____ () C:\Windows\Minidump\040314-13275-01.dmp
- 2014-04-03 09:51 - 2014-04-19 11:40 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
- 2014-04-03 09:51 - 2014-04-19 11:40 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
- 2014-04-03 09:50 - 2014-04-19 11:40 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
- 2014-04-01 14:07 - 2013-04-05 01:09 - 00000000 ____D () C:\Program Files\2K Games
- 2014-04-01 03:18 - 2013-04-09 18:36 - 00000000 ____D () C:\Users\PC\Documents\Guides
- Some content of TEMP:
- ====================
- C:\Users\PC\AppData\Local\Temp\13-9_win7_win8_32_dd_ccc_whql.exe
- C:\Users\PC\AppData\Local\Temp\drm_dialogs.dll
- C:\Users\PC\AppData\Local\Temp\drm_dyndata_7400006.dll
- C:\Users\PC\AppData\Local\Temp\fp_pl_pfs_installer.exe
- C:\Users\PC\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.16.exe
- C:\Users\PC\AppData\Local\Temp\PH305_patch_130322to130404.exe
- C:\Users\PC\AppData\Local\Temp\utt8528.tmp.exe
- ==================== Bamital & volsnap Check =================
- C:\Windows\explorer.exe
- [2013-01-29 18:24] - [2013-07-27 00:35] - 2613248 ____A (Microsoft Corporation) 7115E69EDDA7C647F3B60B659CE53020
- C:\Windows\system32\winlogon.exe => MD5 is legit
- C:\Windows\system32\wininit.exe => MD5 is legit
- C:\Windows\system32\svchost.exe => MD5 is legit
- C:\Windows\system32\services.exe => MD5 is legit
- C:\Windows\system32\User32.dll => MD5 is legit
- C:\Windows\system32\userinit.exe => MD5 is legit
- C:\Windows\system32\rpcss.dll => MD5 is legit
- C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
- LastRegBack: 2014-04-30 03:10
- ==================== End Of Log ============================