FRST.txt

a guest
Apr 30th, 2014
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-04-2014
  2. Ran by PC (administrator) on XEGANTHY on 30-04-2014 19:40:26
  3. Running from C:\Users\PC\Documents
  4. Microsoft Windows 7 Ultimate (X86) OS Language: English(US)
  5. Internet Explorer Version 8
  6. Boot Mode: Normal
  7.  
  8. The only official download link for FRST:
  9. Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
  10. Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
  11. Download link from any site other than Bleeping Computer is unpermitted or outdated.
  12. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  13.  
  14. ==================== Processes (Whitelisted) =================
  15.  
  16. (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
  17. (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
  18. () C:\Program Files\Garena Plus\ggdllhost.exe
  19. (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
  20. (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
  21. () C:\Program Files\Garena Plus\GarenaMessenger.exe
  22. (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
  23. (Microsoft Corporation) C:\Windows\System32\wscript.exe
  24. (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
  25. (BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
  26. (Valve Corporation) C:\Program Files\Steam\Steam.exe
  27. (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
  28. (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
  29. (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
  30. (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
  31.  
  32.  
  33. ==================== Registry (Whitelisted) ==================
  34.  
  35. HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1202560 2011-07-05] (cFos Software GmbH)
  36. HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
  37. HKLM\...\Run: [kpcgrhynko] => wscript.exe //B "C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs" <===== ATTENTION
  38. HKLM\...\Runonce: [] - [X]
  39. HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
  40. HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
  41. HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [ASRockXTU] => [X]
  42. HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [zASRockInstantBoot] => [X]
  43. HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
  44. HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [uTorrent] => C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.)
  45. HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9899312 2014-02-26] ()
  46. HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-25] (AMD)
  47. HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Run: [kpcgrhynko] => wscript.exe //B "C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs" <===== ATTENTION
  48. HKU\S-1-5-21-3038131283-417028895-3252822844-1000\...\Winlogon: [Shell] explorer.exe [2613248 2013-07-27] (Microsoft Corporation) <==== ATTENTION
  49. Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs ()
  50.  
  51. ==================== Internet (Whitelisted) ====================
  52.  
  53. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
  54. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7B14524E08FDCD01
  55. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
  56. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
  57. SearchScopes: HKCU - {AE722643-A0F7-4402-9427-711BFAF3942E} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
  58. BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
  59. BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
  60. BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
  61. BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
  62. Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
  63. Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
  64. Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
  65. Tcpip\..\Interfaces\{D51333AA-8FC5-40B3-8C56-28DB2F10FBD9}: [NameServer]8.8.8.8
  66.  
  67. FireFox:
  68. ========
  69. FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default
  70. FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
  71. FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
  72. FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
  73. FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  74. FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
  75. FF Plugin: @t.garena.com/garenatalk - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
  76. FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
  77. FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
  78. FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
  79. FF Plugin: @wacom.com/wtPlugin,version=2.0.0.4 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
  80. FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  81. FF Plugin HKCU: @g2.com/iggweb3dupdater - C:\Users\PC\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
  82. FF Plugin HKCU: @g2.com/joyconnectshell - C:\Users\PC\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
  83. FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
  84. FF Extension: FT DeepDark - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-22]
  85. FF Extension: YouTube Center - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-10-27]
  86. FF Extension: Reddit Enhancement Suite - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-04-29]
  87. FF Extension: Stratiform - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\Stratiform@SoapySpew.xpi [2013-09-15]
  88. FF Extension: Adblock Plus - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-15]
  89. FF Extension: Greasemonkey - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-15]
  90. FF Extension: Theme Font & Size Changer - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ysz88hdl.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2013-11-30]
  91. FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
  92. FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-17]
  93.  
  94. Chrome:
  95. =======
  96. CHR DefaultSearchKeyword: google.com.ph
  97. CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
  98. CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
  99. CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
  100. CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
  101. CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
  102. CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  103. CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
  104. CHR Plugin: (Garena Talk Plugin) - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
  105. CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
  106. CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
  107. CHR Plugin: (IGG Web3D Updater NP Plugin for Mozilla) - C:\Users\PC\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
  108. CHR Plugin: (JoyConnectShell NP Plugin for Mozilla) - C:\Users\PC\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
  109. CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
  110. CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
  111. CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
  112. CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
  113. CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-10]
  114. CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
  115. CHR Extension: (Ghostery) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-08-15]
  116. CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]
  117. CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-02-17]
  118.  
  119. ========================== Services (Whitelisted) =================
  120.  
  121. S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-10-08] (Advanced Micro Devices, Inc.)
  122. R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
  123. R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [359808 2011-07-05] (cFos Software GmbH)
  124. S4 KMService; C:\Windows\system32\srvany.exe [8192 2013-06-26] ()
  125. S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] ()
  126. S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2013-07-03] ()
  127. S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
  128. S4 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [6321016 2012-01-23] (Wacom Technology, Corp.)
  129. S4 TouchServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [470904 2012-01-23] (Wacom Technology, Corp.)
  130.  
  131. ==================== Drivers (Whitelisted) ====================
  132.  
  133. R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
  134. R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-11] (Windows (R) Win 7 DDK provider)
  135. R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
  136. R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
  137. R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
  138. R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
  139. R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
  140. R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
  141. R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1180032 2011-07-05] (cFos Software GmbH)
  142. S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-13] (Windows (R) Win 7 DDK provider)
  143. R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
  144. R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [45056 2011-08-25] (Etron Technology Inc)
  145. R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64896 2011-08-25] (Etron Technology Inc)
  146. R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-30] (Malwarebytes Corporation)
  147. R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
  148. R3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
  149. S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
  150. S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
  151. S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
  152.  
  153. ==================== NetSvcs (Whitelisted) ===================
  154.  
  155.  
  156. ==================== One Month Created Files and Folders ========
  157.  
  158. 2014-04-30 19:40 - 2014-04-30 19:40 - 00014173 _____ () C:\Users\PC\Documents\FRST.txt
  159. 2014-04-30 19:40 - 2014-04-30 19:40 - 00000000 ____D () C:\FRST
  160. 2014-04-30 19:36 - 2014-04-30 19:36 - 00007919 _____ () C:\UsbFix [Listing 1] XEGANTHY.txt
  161. 2014-04-30 19:36 - 2014-04-30 19:36 - 00001448 _____ () C:\Users\PC\Desktop\UsbFix.lnk
  162. 2014-04-30 19:27 - 2014-04-30 19:27 - 00000000 ____D () C:\Users\PC\Documents\fixes
  163. 2014-04-30 19:23 - 2014-04-30 19:23 - 01052160 _____ (Farbar) C:\Users\PC\Documents\FRST.exe
  164. 2014-04-30 19:22 - 2014-04-30 19:36 - 00000000 ____D () C:\UsbFix
  165. 2014-04-30 19:22 - 2014-04-30 19:27 - 00008074 _____ () C:\UsbFix [Scan 1] XEGANTHY.txt
  166. 2014-04-30 19:16 - 2014-04-30 19:16 - 00655360 _____ () C:\Users\PC\Documents\MicrosoftFixit50471.msi
  167. 2014-04-30 19:13 - 2014-04-30 19:14 - 03006996 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\PC\Documents\UsbFix.exe
  168. 2014-04-29 16:36 - 2013-08-17 23:16 - 00167773 ___SH () C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs
  169. 2014-04-27 07:18 - 2014-04-28 10:46 - 256326537 ____R () C:\Users\PC\Downloads\[DeadFish] Fairy Tail (2014) - 04 [720p][AAC].mp4
  170. 2014-04-27 01:28 - 2014-04-30 00:06 - 236983739 ____R () C:\Users\PC\Downloads\[DeadFish] Akuma no Riddle - 04 [720p][AAC].mp4
  171. 2014-04-25 10:56 - 2014-04-25 10:56 - 00208496 _____ () C:\Windows\Minidump\042514-15678-01.dmp
  172. 2014-04-24 20:31 - 2014-04-24 20:31 - 00000012 _____ () C:\Users\PC\Documents\moose.txt
  173. 2014-04-24 16:04 - 2014-04-24 16:04 - 00000018 _____ () C:\Windows\cmm.dat
  174. 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Windows\CleanMem
  175. 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanMem
  176. 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Program Files\CleanMem
  177. 2014-04-24 11:44 - 2012-09-21 06:27 - 00061440 _____ (PcWinTech.com) C:\Windows\system32\CleanMem.exe
  178. 2014-04-24 11:44 - 2012-06-27 02:40 - 00000187 _____ () C:\Windows\system32\CleanMem.ini
  179. 2014-04-24 11:44 - 2009-02-22 14:53 - 00000565 _____ () C:\Windows\system32\CleanMem.exe.manifest
  180. 2014-04-23 21:36 - 2014-04-23 21:36 - 00000193 _____ () C:\Windows\WORDPAD.INI
  181. 2014-04-21 02:08 - 2014-04-21 02:08 - 00144400 _____ () C:\Windows\Minidump\042114-17175-01.dmp
  182. 2014-04-19 11:46 - 2014-04-19 11:47 - 06974773 _____ () C:\Users\PC\Documents\WBPG - Basics and Installers Intro pdf-35230-8-3.7z
  183. 2014-04-19 11:41 - 2014-04-30 19:39 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
  184. 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
  185. 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
  186. 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
  187. 2014-04-19 11:40 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
  188. 2014-04-19 11:40 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
  189. 2014-04-19 11:40 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
  190. 2014-04-15 16:03 - 2014-04-15 16:03 - 00144400 _____ () C:\Windows\Minidump\041514-16926-01.dmp
  191. 2014-04-14 20:42 - 2014-04-14 20:43 - 04182000 _____ (Black Tree Gaming ) C:\Users\PC\Documents\Nexus Mod Manager-0.49.2.exe
  192. 2014-04-14 09:58 - 2014-04-14 09:58 - 00182736 _____ () C:\Windows\Minidump\041414-26676-01.dmp
  193. 2014-04-14 09:20 - 2014-04-14 09:20 - 00266051 _____ () C:\Users\PC\Downloads\skse_1_06_16_installer.exe
  194. 2014-04-14 08:45 - 2014-04-14 08:48 - 12352845 _____ (BOSS Development Team) C:\Users\PC\Downloads\BOSS.Installer.exe
  195. 2014-04-14 02:21 - 2014-04-14 02:23 - 04182344 _____ (Black Tree Gaming ) C:\Users\PC\Documents\Nexus Mod Manager-0.49.3.exe
  196. 2014-04-13 13:38 - 2014-04-13 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Goat Simulator
  197. 2014-04-13 13:38 - 2014-04-13 13:38 - 00000000 ____D () C:\Program Files\Goat Simulator
  198. 2014-04-13 02:10 - 2014-04-13 02:17 - 00000000 ____D () C:\Users\PC\Downloads\Goat Simulator
  199. 2014-04-07 04:17 - 2014-04-07 04:17 - 00144400 _____ () C:\Windows\Minidump\040714-27034-01.dmp
  200. 2014-04-04 18:45 - 2013-07-14 16:47 - 00000088 _____ () C:\Program Files\update-CIV5.bat
  201. 2014-04-04 18:45 - 2012-06-15 18:24 - 00003153 _____ () C:\Program Files\visit-www.nosteam.ro.html
  202. 2014-04-04 18:36 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files\Civilization V
  203. 2014-04-04 18:27 - 2014-04-04 18:30 - 00000000 ____D () C:\Civilization V + DLC + Expansions PC MULTi-6 ^^nosTEAM^^
  204. 2014-04-03 22:33 - 2014-04-03 22:33 - 00144400 _____ () C:\Windows\Minidump\040314-13275-01.dmp
  205.  
  206. ==================== One Month Modified Files and Folders =======
  207.  
  208. 2014-04-30 19:40 - 2014-04-30 19:40 - 00014173 _____ () C:\Users\PC\Documents\FRST.txt
  209. 2014-04-30 19:40 - 2014-04-30 19:40 - 00000000 ____D () C:\FRST
  210. 2014-04-30 19:40 - 2013-01-28 11:17 - 00000000 ____D () C:\Users\PC\AppData\Roaming\uTorrent
  211. 2014-04-30 19:39 - 2014-04-19 11:41 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
  212. 2014-04-30 19:36 - 2014-04-30 19:36 - 00007919 _____ () C:\UsbFix [Listing 1] XEGANTHY.txt
  213. 2014-04-30 19:36 - 2014-04-30 19:36 - 00001448 _____ () C:\Users\PC\Desktop\UsbFix.lnk
  214. 2014-04-30 19:36 - 2014-04-30 19:22 - 00000000 ____D () C:\UsbFix
  215. 2014-04-30 19:27 - 2014-04-30 19:27 - 00000000 ____D () C:\Users\PC\Documents\fixes
  216. 2014-04-30 19:27 - 2014-04-30 19:22 - 00008074 _____ () C:\UsbFix [Scan 1] XEGANTHY.txt
  217. 2014-04-30 19:26 - 2009-07-14 12:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  218. 2014-04-30 19:26 - 2009-07-14 12:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  219. 2014-04-30 19:23 - 2014-04-30 19:23 - 01052160 _____ (Farbar) C:\Users\PC\Documents\FRST.exe
  220. 2014-04-30 19:23 - 2013-01-28 11:17 - 00010414 _____ () C:\Windows\system32\PerfStringBackup.INI
  221. 2014-04-30 19:22 - 2013-02-09 22:15 - 00000000 ____D () C:\Users\PC\AppData\Roaming\GarenaPlus
  222. 2014-04-30 19:22 - 2013-02-09 21:52 - 00000000 ____D () C:\ProgramData\GarenaMessenger
  223. 2014-04-30 19:20 - 2013-01-28 00:46 - 00000000 ____D () C:\Program Files\Steam
  224. 2014-04-30 19:19 - 2013-05-28 08:58 - 00089618 _____ () C:\Windows\setupact.log
  225. 2014-04-30 19:19 - 2009-07-14 12:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
  226. 2014-04-30 19:19 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
  227. 2014-04-30 19:16 - 2014-04-30 19:16 - 00655360 _____ () C:\Users\PC\Documents\MicrosoftFixit50471.msi
  228. 2014-04-30 19:14 - 2014-04-30 19:13 - 03006996 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\PC\Documents\UsbFix.exe
  229. 2014-04-30 15:20 - 2013-06-10 18:50 - 00000000 ____D () C:\Program Files\The Elder Scrolls V Skyrim
  230. 2014-04-30 15:20 - 2013-05-31 14:46 - 00000000 ____D () C:\Users\PC\AppData\Local\Skyrim
  231. 2014-04-30 00:06 - 2014-04-27 01:28 - 236983739 ____R () C:\Users\PC\Downloads\[DeadFish] Akuma no Riddle - 04 [720p][AAC].mp4
  232. 2014-04-29 16:03 - 2013-01-28 00:46 - 00000000 ____D () C:\Program Files\Common Files\Steam
  233. 2014-04-29 09:44 - 2013-03-26 12:43 - 00000000 ____D () C:\Users\PC\AppData\Roaming\foobar2000
  234. 2014-04-28 11:18 - 2013-01-28 14:21 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashDumps
  235. 2014-04-28 10:46 - 2014-04-27 07:18 - 256326537 ____R () C:\Users\PC\Downloads\[DeadFish] Fairy Tail (2014) - 04 [720p][AAC].mp4
  236. 2014-04-25 10:56 - 2014-04-25 10:56 - 00208496 _____ () C:\Windows\Minidump\042514-15678-01.dmp
  237. 2014-04-25 10:56 - 2013-10-06 14:04 - 00000000 ____D () C:\Windows\Minidump
  238. 2014-04-24 20:31 - 2014-04-24 20:31 - 00000012 _____ () C:\Users\PC\Documents\moose.txt
  239. 2014-04-24 16:04 - 2014-04-24 16:04 - 00000018 _____ () C:\Windows\cmm.dat
  240. 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Windows\CleanMem
  241. 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanMem
  242. 2014-04-24 11:44 - 2014-04-24 11:44 - 00000000 ____D () C:\Program Files\CleanMem
  243. 2014-04-23 21:36 - 2014-04-23 21:36 - 00000193 _____ () C:\Windows\WORDPAD.INI
  244. 2014-04-22 07:10 - 2013-06-01 17:30 - 00000000 ____D () C:\Users\PC\Documents\Nexus Mod Manager
  245. 2014-04-21 02:08 - 2014-04-21 02:08 - 00144400 _____ () C:\Windows\Minidump\042114-17175-01.dmp
  246. 2014-04-19 11:49 - 2013-08-05 05:54 - 00106966 _____ () C:\Windows\PFRO.log
  247. 2014-04-19 11:49 - 2013-01-29 18:24 - 00000000 ____D () C:\Windows\W7SBC
  248. 2014-04-19 11:47 - 2014-04-19 11:46 - 06974773 _____ () C:\Users\PC\Documents\WBPG - Basics and Installers Intro pdf-35230-8-3.7z
  249. 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
  250. 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
  251. 2014-04-19 11:40 - 2014-04-19 11:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
  252. 2014-04-18 01:49 - 2013-08-11 01:28 - 00016574 _____ () C:\Windows\WindowsUpdate.log
  253. 2014-04-16 19:19 - 2013-02-09 21:52 - 00000000 ____D () C:\Program Files\Garena Plus
  254. 2014-04-16 19:08 - 2014-04-04 18:36 - 00000000 ____D () C:\Program Files\Civilization V
  255. 2014-04-15 16:03 - 2014-04-15 16:03 - 00144400 _____ () C:\Windows\Minidump\041514-16926-01.dmp
  256. 2014-04-14 20:45 - 2013-06-01 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
  257. 2014-04-14 20:45 - 2013-06-01 17:29 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
  258. 2014-04-14 20:43 - 2014-04-14 20:42 - 04182000 _____ (Black Tree Gaming ) C:\Users\PC\Documents\Nexus Mod Manager-0.49.2.exe
  259. 2014-04-14 09:58 - 2014-04-14 09:58 - 00182736 _____ () C:\Windows\Minidump\041414-26676-01.dmp
  260. 2014-04-14 09:20 - 2014-04-14 09:20 - 00266051 _____ () C:\Users\PC\Downloads\skse_1_06_16_installer.exe
  261. 2014-04-14 08:50 - 2013-12-01 00:10 - 00000000 ____D () C:\ProgramData\Package Cache
  262. 2014-04-14 08:50 - 2013-06-02 17:48 - 00000000 ____D () C:\BOSS
  263. 2014-04-14 08:48 - 2014-04-14 08:45 - 12352845 _____ (BOSS Development Team) C:\Users\PC\Downloads\BOSS.Installer.exe
  264. 2014-04-14 02:23 - 2014-04-14 02:21 - 04182344 _____ (Black Tree Gaming ) C:\Users\PC\Documents\Nexus Mod Manager-0.49.3.exe
  265. 2014-04-13 13:40 - 2013-04-05 01:23 - 00000000 ____D () C:\Users\PC\Documents\My Games
  266. 2014-04-13 13:38 - 2014-04-13 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Goat Simulator
  267. 2014-04-13 13:38 - 2014-04-13 13:38 - 00000000 ____D () C:\Program Files\Goat Simulator
  268. 2014-04-13 02:17 - 2014-04-13 02:10 - 00000000 ____D () C:\Users\PC\Downloads\Goat Simulator
  269. 2014-04-07 04:17 - 2014-04-07 04:17 - 00144400 _____ () C:\Windows\Minidump\040714-27034-01.dmp
  270. 2014-04-04 18:30 - 2014-04-04 18:27 - 00000000 ____D () C:\Civilization V + DLC + Expansions PC MULTi-6 ^^nosTEAM^^
  271. 2014-04-03 22:33 - 2014-04-03 22:33 - 00144400 _____ () C:\Windows\Minidump\040314-13275-01.dmp
  272. 2014-04-03 09:51 - 2014-04-19 11:40 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
  273. 2014-04-03 09:51 - 2014-04-19 11:40 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
  274. 2014-04-03 09:50 - 2014-04-19 11:40 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
  275. 2014-04-01 14:07 - 2013-04-05 01:09 - 00000000 ____D () C:\Program Files\2K Games
  276. 2014-04-01 03:18 - 2013-04-09 18:36 - 00000000 ____D () C:\Users\PC\Documents\Guides
  277.  
  278. Some content of TEMP:
  279. ====================
  280. C:\Users\PC\AppData\Local\Temp\13-9_win7_win8_32_dd_ccc_whql.exe
  281. C:\Users\PC\AppData\Local\Temp\drm_dialogs.dll
  282. C:\Users\PC\AppData\Local\Temp\drm_dyndata_7400006.dll
  283. C:\Users\PC\AppData\Local\Temp\fp_pl_pfs_installer.exe
  284. C:\Users\PC\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.16.exe
  285. C:\Users\PC\AppData\Local\Temp\PH305_patch_130322to130404.exe
  286. C:\Users\PC\AppData\Local\Temp\utt8528.tmp.exe
  287.  
  288.  
  289. ==================== Bamital & volsnap Check =================
  290.  
  291. C:\Windows\explorer.exe
  292. [2013-01-29 18:24] - [2013-07-27 00:35] - 2613248 ____A (Microsoft Corporation) 7115E69EDDA7C647F3B60B659CE53020
  293.  
  294. C:\Windows\system32\winlogon.exe => MD5 is legit
  295. C:\Windows\system32\wininit.exe => MD5 is legit
  296. C:\Windows\system32\svchost.exe => MD5 is legit
  297. C:\Windows\system32\services.exe => MD5 is legit
  298. C:\Windows\system32\User32.dll => MD5 is legit
  299. C:\Windows\system32\userinit.exe => MD5 is legit
  300. C:\Windows\system32\rpcss.dll => MD5 is legit
  301. C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
  302.  
  303.  
  304. LastRegBack: 2014-04-30 03:10
  305.  
  306. ==================== End Of Log ============================