Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think I am RATed

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I think I am RATed

Unread postby The_Doctor » June 2nd, 2016, 2:15 pm

As you can see, THESE are not my aliases. Nor do I remember ever having created those accounts.
Image

Logs : FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2016
Ran by Shade (administrator) on LINUX (02-06-2016 23:39:46)
Running from D:\Programming
Loaded Profiles: Shade (Available Profiles: UpdatusUser & 102 & Shade & Guest)
Platform: Microsoft Windows 8 Pro (X86) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Run: [BitTorrent] => C:\Users\Shade\AppData\Roaming\BitTorrent\BitTorrent.exe [1698152 2015-08-19] (BitTorrent Inc.)
HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3077712 2016-04-01] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-06-27]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60863B02-BB49-42B7-AB04-B9370333A12E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-17] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2015-06-27] (LastPass)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-17] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2015-06-27] (LastPass)

FireFox:
========
FF ProfilePath: C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\m2zpw8oc.default-1463598309198
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-17] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2015-06-27] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-3171145056-229118582-1774830325-1010: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shade\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxps://encrypted.google.com/
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-27]
CHR Extension: (Google Docs) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-27]
CHR Extension: (Google Drive) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (AdBlock) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02]
CHR Extension: (Chrono Download Manager) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2016-04-16]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-27]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1982752 2016-02-23] (ESET)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206312 2016-02-23] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [146024 2016-02-23] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [111040 2016-02-23] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [152728 2016-02-23] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [44608 2016-02-23] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [71488 2016-02-23] (ESET)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-04-15] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [28072 2012-07-26] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [199920 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-02 23:26 - 2016-06-02 23:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-271870570.txt
2016-06-02 23:26 - 2016-06-02 23:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-271868932.txt
2016-06-02 22:41 - 2016-06-02 22:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-269191659.txt
2016-06-02 22:41 - 2016-06-02 22:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-269190598.txt
2016-06-02 22:18 - 2016-06-02 22:18 - 00322310 _____ C:\Users\Shade\Desktop\MTUI-43 (1).zip
2016-06-02 21:13 - 2016-06-02 21:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-263881541.txt
2016-06-02 21:13 - 2016-06-02 21:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-263879731.txt
2016-06-02 21:11 - 2016-06-02 21:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-263802916.txt
2016-06-02 21:11 - 2016-06-02 21:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-263795553.txt
2016-06-02 19:28 - 2016-06-02 19:28 - 00000117 _____ C:\WINDOWS\system32\netcfg-257629613.txt
2016-06-02 19:28 - 2016-06-02 19:28 - 00000117 _____ C:\WINDOWS\system32\netcfg-257628475.txt
2016-06-02 19:18 - 2016-06-02 21:19 - 00000000 ____D C:\Users\Shade\Desktop\Fallout 3 Mods
2016-06-02 18:54 - 2016-06-02 18:54 - 00000000 ____D C:\Users\Shade\Documents\FOMM
2016-06-02 18:53 - 2016-06-02 18:53 - 00000909 _____ C:\Users\Shade\Desktop\Fallout Mod Manager.lnk
2016-06-02 18:53 - 2016-06-02 18:53 - 00000000 ____D C:\Users\Shade\AppData\Local\FOMM
2016-06-02 18:53 - 2016-06-02 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
2016-06-02 18:53 - 2016-06-02 18:53 - 00000000 ____D C:\Program Files\GeMM
2016-06-02 18:28 - 2016-06-02 22:13 - 00000000 ____D C:\Users\Shade\AppData\Local\Fallout3
2016-06-02 18:23 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-06-02 18:23 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-06-02 18:23 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-06-02 18:20 - 2016-06-02 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3
2016-06-02 17:26 - 2016-06-02 17:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-250268893.txt
2016-06-02 17:26 - 2016-06-02 17:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-250261546.txt
2016-06-01 20:31 - 2016-06-01 20:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-174970502.txt
2016-06-01 20:31 - 2016-06-01 20:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-174970440.txt
2016-06-01 20:30 - 2016-06-01 20:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-174951658.txt
2016-06-01 20:30 - 2016-06-01 20:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-174948678.txt
2016-06-01 20:25 - 2016-06-01 20:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-174625553.txt
2016-06-01 20:25 - 2016-06-01 20:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-174619609.txt
2016-06-01 05:10 - 2016-06-01 05:10 - 00266773 _____ C:\Users\102\Documents\watch (1).htm
2016-06-01 05:09 - 2016-06-01 05:09 - 00217193 _____ C:\Users\102\Documents\watch.htm
2016-06-01 02:05 - 2016-06-01 02:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-108638472.txt
2016-06-01 02:05 - 2016-06-01 02:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-108631686.txt
2016-05-31 21:42 - 2016-05-31 21:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-92880920.txt
2016-05-31 21:42 - 2016-05-31 21:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-92874259.txt
2016-05-31 15:31 - 2016-05-31 15:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-70587035.txt
2016-05-31 15:31 - 2016-05-31 15:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-70580811.txt
2016-05-31 13:47 - 2016-05-31 13:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-64358181.txt
2016-05-31 13:47 - 2016-05-31 13:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-64357775.txt
2016-05-31 12:09 - 2016-05-31 12:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-58483277.txt
2016-05-31 12:09 - 2016-05-31 12:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-58478753.txt
2016-05-31 04:32 - 2016-05-31 04:32 - 00391107 _____ C:\Users\102\Documents\Old is gold remix by dj ASH.wmv - YouTube.html
2016-05-31 04:32 - 2016-05-31 04:32 - 00000000 ____D C:\Users\102\Documents\Old is gold remix by dj ASH.wmv - YouTube_files
2016-05-31 01:15 - 2016-05-31 01:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-19225641.txt
2016-05-31 01:15 - 2016-05-31 01:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-19220914.txt
2016-05-30 17:42 - 2016-05-30 17:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-243295852.txt
2016-05-30 17:42 - 2016-05-30 17:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-243289939.txt
2016-05-30 14:21 - 2016-05-30 14:22 - 00984704 _____ ( ) C:\Users\102\Documents\HDVideoPlayer_3698888121.exe
2016-05-30 14:20 - 2016-05-30 14:21 - 00775320 _____ (Reimage®) C:\Users\102\Documents\ReimageRepair.exe
2016-05-30 11:53 - 2016-05-30 11:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-222403698.txt
2016-05-30 11:53 - 2016-05-30 11:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-222402482.txt
2016-05-30 11:27 - 2016-05-30 11:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-220831864.txt
2016-05-30 11:27 - 2016-05-30 11:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-220826029.txt
2016-05-30 01:31 - 2016-05-30 01:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-185048323.txt
2016-05-30 01:31 - 2016-05-30 01:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-185042629.txt
2016-05-29 21:29 - 2016-05-29 21:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-170532992.txt
2016-05-29 21:29 - 2016-05-29 21:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-170530542.txt
2016-05-29 18:33 - 2016-05-29 18:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-160014827.txt
2016-05-29 18:33 - 2016-05-29 18:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-160009632.txt
2016-05-29 14:57 - 2016-05-29 14:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-147070004.txt
2016-05-29 14:57 - 2016-05-29 14:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-147069193.txt
2016-05-29 12:06 - 2016-05-29 12:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-136804218.txt
2016-05-29 12:06 - 2016-05-29 12:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-136797744.txt
2016-05-29 11:48 - 2016-05-29 11:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-135721603.txt
2016-05-29 11:48 - 2016-05-29 11:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-135720245.txt
2016-05-29 10:44 - 2016-05-29 10:44 - 00526225 _____ C:\Users\102\Documents\salwars-and-dress-materials.htm
2016-05-29 10:02 - 2016-05-29 10:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-129322364.txt
2016-05-29 10:01 - 2016-05-29 10:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-129316732.txt
2016-05-28 20:48 - 2016-05-28 20:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-81716911.txt
2016-05-28 20:48 - 2016-05-28 20:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-81708347.txt
2016-05-28 15:48 - 2016-05-28 15:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-63734676.txt
2016-05-28 15:48 - 2016-05-28 15:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-63726658.txt
2016-05-28 14:36 - 2016-05-28 14:36 - 00000117 _____ C:\WINDOWS\system32\netcfg-59403137.txt
2016-05-28 14:36 - 2016-05-28 14:36 - 00000117 _____ C:\WINDOWS\system32\netcfg-59396288.txt
2016-05-28 11:39 - 2016-05-28 11:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-48760109.txt
2016-05-28 11:39 - 2016-05-28 11:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-48753214.txt
2016-05-28 10:35 - 2016-05-28 10:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-44928927.txt
2016-05-28 10:35 - 2016-05-28 10:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-44921564.txt
2016-05-28 01:11 - 2016-05-28 01:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-11107177.txt
2016-05-28 01:11 - 2016-05-28 01:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-11104088.txt
2016-05-28 01:11 - 2016-05-28 01:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-11083933.txt
2016-05-28 01:10 - 2016-05-28 01:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-11030674.txt
2016-05-28 01:01 - 2016-05-28 01:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-10480459.txt
2016-05-28 01:00 - 2016-05-28 01:00 - 00000117 _____ C:\WINDOWS\system32\netcfg-10475794.txt
2016-05-27 19:54 - 2016-05-27 19:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-342015671.txt
2016-05-27 19:54 - 2016-05-27 19:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-342009805.txt
2016-05-27 13:05 - 2016-05-27 13:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-317500223.txt
2016-05-27 13:05 - 2016-05-27 13:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-317494826.txt
2016-05-26 21:59 - 2016-05-26 21:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-263127135.txt
2016-05-26 21:59 - 2016-05-26 21:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-263122331.txt
2016-05-26 20:37 - 2016-05-26 20:37 - 00000117 _____ C:\WINDOWS\system32\netcfg-258222807.txt
2016-05-26 20:37 - 2016-05-26 20:37 - 00000117 _____ C:\WINDOWS\system32\netcfg-258216084.txt
2016-05-26 19:56 - 2016-05-26 19:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-255738445.txt
2016-05-26 19:56 - 2016-05-26 19:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-255733234.txt
2016-05-26 17:21 - 2016-05-26 17:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-246454170.txt
2016-05-26 17:21 - 2016-05-26 17:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-246449895.txt
2016-05-26 15:25 - 2016-05-26 15:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-239493826.txt
2016-05-26 15:25 - 2016-05-26 15:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-239488975.txt
2016-05-26 13:18 - 2016-05-26 13:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-231872054.txt
2016-05-26 13:18 - 2016-05-26 13:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-231864660.txt
2016-05-26 00:57 - 2016-05-26 00:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-187434046.txt
2016-05-26 00:57 - 2016-05-26 00:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-187426668.txt
2016-05-25 23:49 - 2016-05-25 23:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-183349862.txt
2016-05-25 23:49 - 2016-05-25 23:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-183343856.txt
2016-05-25 20:41 - 2016-05-25 20:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-172100053.txt
2016-05-25 20:41 - 2016-05-25 20:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-172093969.txt
2016-05-25 13:26 - 2016-05-25 13:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-145964519.txt
2016-05-25 13:26 - 2016-05-25 13:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-145959574.txt
2016-05-24 23:01 - 2016-05-24 23:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-94097712.txt
2016-05-24 23:01 - 2016-05-24 23:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-94090957.txt
2016-05-24 20:26 - 2016-05-24 20:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-84809163.txt
2016-05-24 20:26 - 2016-05-24 20:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-84801831.txt
2016-05-24 15:31 - 2016-05-24 15:31 - 00000000 ___HD C:\$Windows.~WS
2016-05-24 15:16 - 2016-05-24 15:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-66213922.txt
2016-05-24 15:16 - 2016-05-24 15:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-66208025.txt
2016-05-24 12:32 - 2016-05-24 12:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-56369104.txt
2016-05-24 12:32 - 2016-05-24 12:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-56363457.txt
2016-05-23 16:08 - 2016-05-23 16:08 - 00000117 _____ C:\WINDOWS\system32\netcfg-242409610.txt
2016-05-23 16:08 - 2016-05-23 16:08 - 00000117 _____ C:\WINDOWS\system32\netcfg-242402231.txt
2016-05-23 15:21 - 2016-05-23 15:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-239558707.txt
2016-05-23 15:20 - 2016-05-23 15:20 - 00000117 _____ C:\WINDOWS\system32\netcfg-239552717.txt
2016-05-22 20:53 - 2016-05-22 20:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-173086229.txt
2016-05-22 20:53 - 2016-05-22 20:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-173080285.txt
2016-05-22 14:18 - 2016-05-22 14:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-149439613.txt
2016-05-22 14:18 - 2016-05-22 14:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-149433295.txt
2016-05-22 02:19 - 2016-05-22 02:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-106244746.txt
2016-05-22 02:18 - 2016-05-22 02:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-106237351.txt
2016-05-21 20:05 - 2016-05-21 20:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-83856309.txt
2016-05-21 20:05 - 2016-05-21 20:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-83848961.txt
2016-05-21 15:03 - 2016-05-21 15:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-65733376.txt
2016-05-21 15:03 - 2016-05-21 15:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-65728509.txt
2016-05-20 20:29 - 2016-05-20 20:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-66509481.txt
2016-05-20 20:29 - 2016-05-20 20:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-66502555.txt
2016-05-20 13:41 - 2016-05-20 13:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-42038338.txt
2016-05-20 13:41 - 2016-05-20 13:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-42031583.txt
2016-05-20 09:09 - 2016-05-20 09:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-25674145.txt
2016-05-20 09:08 - 2016-05-20 09:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-25668638.txt
2016-05-20 01:51 - 2016-05-20 01:51 - 00000000 ____D C:\Users\102\Documents\Slide 2 _ Top 5 Foods To Improve Your Hemoglobin_files
2016-05-20 01:50 - 2016-05-20 01:51 - 00309580 _____ C:\Users\102\Documents\Slide 2 _ Top 5 Foods To Improve Your Hemoglobin.html
2016-05-20 01:19 - 2016-05-20 01:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-9125465.txt
2016-05-20 01:19 - 2016-05-20 01:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-9121799.txt
2016-05-19 22:38 - 2016-05-19 22:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-169745389.txt
2016-05-19 22:38 - 2016-05-19 22:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-169739430.txt
2016-05-19 20:41 - 2016-05-19 20:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-162703395.txt
2016-05-19 20:41 - 2016-05-19 20:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-162696890.txt
2016-05-19 19:53 - 2016-05-19 19:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-159851494.txt
2016-05-19 19:53 - 2016-05-19 19:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-159845207.txt
2016-05-19 13:49 - 2016-05-19 13:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-137973539.txt
2016-05-19 13:49 - 2016-05-19 13:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-137969593.txt
2016-05-19 10:42 - 2016-05-19 10:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-126757629.txt
2016-05-19 10:42 - 2016-05-19 10:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-126751155.txt
2016-05-19 00:39 - 2016-05-19 00:51 - 40044072 _____ C:\Users\Shade\Downloads\_Toxicology_-_Ernest_Hodgson_et_al._(AP,_2015).pdf
2016-05-19 00:35 - 2016-05-19 00:35 - 00000000 ____D C:\Users\Shade\Desktop\Old Firefox Data
2016-05-18 22:31 - 2016-05-18 22:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-82907448.txt
2016-05-18 22:31 - 2016-05-18 22:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-82903595.txt
2016-05-18 22:02 - 2016-05-18 22:10 - 26705975 _____ C:\Users\Shade\Downloads\ion_2016)_Ann_M._Fabirkiewicz,_John_C._Stowell.pdf
2016-05-18 21:22 - 2016-05-18 21:31 - 00000000 ____D C:\Users\Shade\AppData\Local\Mozilla
2016-05-18 21:22 - 2016-05-18 21:22 - 00000000 ____D C:\Users\Shade\AppData\Roaming\Mozilla
2016-05-18 21:21 - 2016-05-18 21:21 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-18 21:21 - 2016-05-18 21:21 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-18 21:21 - 2016-05-18 21:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-18 21:21 - 2016-05-18 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-18 19:41 - 2016-05-18 19:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-72678525.txt
2016-05-18 19:40 - 2016-05-18 19:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-72671708.txt
2016-05-18 18:04 - 2016-05-18 18:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-66908033.txt
2016-05-18 18:04 - 2016-05-18 18:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-66902307.txt
2016-05-18 14:25 - 2016-05-18 14:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-53737134.txt
2016-05-18 14:25 - 2016-05-18 14:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-53734481.txt
2016-05-18 14:24 - 2016-05-18 14:24 - 00000117 _____ C:\WINDOWS\system32\netcfg-53711877.txt
2016-05-18 14:24 - 2016-05-18 14:24 - 00000117 _____ C:\WINDOWS\system32\netcfg-53711799.txt
2016-05-18 14:10 - 2016-05-18 14:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-52835417.txt
2016-05-18 14:10 - 2016-05-18 14:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-52835354.txt
2016-05-18 14:09 - 2016-05-18 14:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-52810238.txt
2016-05-18 14:09 - 2016-05-18 14:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-52803468.txt
2016-05-18 14:07 - 2016-05-18 14:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-52661569.txt
2016-05-18 14:07 - 2016-05-18 14:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-52652973.txt
2016-05-17 23:52 - 2016-05-17 23:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-1369813.txt
2016-05-17 23:52 - 2016-05-17 23:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-1369766.txt
2016-05-17 23:52 - 2016-05-17 23:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-1369688.txt
2016-05-17 23:52 - 2016-05-17 23:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-1369626.txt
2016-05-17 23:52 - 2016-05-17 23:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-1368861.txt
2016-05-17 23:52 - 2016-05-17 23:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-1367598.txt
2016-05-17 23:29 - 2016-05-17 23:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-473866531.txt
2016-05-17 19:43 - 2016-05-17 19:43 - 00000117 _____ C:\WINDOWS\system32\netcfg-460303928.txt
2016-05-17 19:43 - 2016-05-17 19:43 - 00000117 _____ C:\WINDOWS\system32\netcfg-460297595.txt
2016-05-17 18:12 - 2016-05-17 18:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-454881817.txt
2016-05-17 18:12 - 2016-05-17 18:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-454880242.txt
2016-05-17 18:10 - 2016-05-17 18:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-454720247.txt
2016-05-17 18:09 - 2016-05-17 18:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-454714413.txt
2016-05-17 16:06 - 2016-05-17 16:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-447339543.txt
2016-05-17 16:06 - 2016-05-17 16:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-447339465.txt
2016-05-17 16:06 - 2016-05-17 16:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-447288047.txt
2016-05-17 16:06 - 2016-05-17 16:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-447286425.txt
2016-05-17 14:22 - 2016-05-17 14:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-441079223.txt
2016-05-17 14:22 - 2016-05-17 14:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-441072593.txt
2016-05-17 13:53 - 2016-05-17 13:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-439350248.txt
2016-05-17 13:53 - 2016-05-17 13:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-439343478.txt
2016-05-17 12:56 - 2016-05-17 12:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-435948179.txt
2016-05-17 12:56 - 2016-05-17 12:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-435940878.txt
2016-05-16 23:47 - 2016-05-16 23:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-388579926.txt
2016-05-16 23:47 - 2016-05-16 23:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-388575027.txt
2016-05-16 19:38 - 2016-05-16 19:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-373674982.txt
2016-05-16 19:38 - 2016-05-16 19:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-373668836.txt
2016-05-16 17:55 - 2016-05-16 17:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-367477015.txt
2016-05-16 17:55 - 2016-05-16 17:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-367472819.txt
2016-05-16 13:41 - 2016-05-16 13:41 - 00064906 _____ C:\Users\102\Documents\Assistant Section Officer, Gr-B-Non Gazetted Pre and Main Examination.pdf
2016-05-16 13:11 - 2016-05-16 13:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-350441004.txt
2016-05-16 13:11 - 2016-05-16 13:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-350434998.txt
2016-05-16 09:15 - 2016-05-16 09:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-336306471.txt
2016-05-16 09:15 - 2016-05-16 09:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-336301245.txt
2016-05-15 19:47 - 2016-05-15 19:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-287790316.txt
2016-05-15 19:47 - 2016-05-15 19:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-287782360.txt
2016-05-15 16:07 - 2016-05-15 16:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-274601633.txt
2016-05-15 16:07 - 2016-05-15 16:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-274595487.txt
2016-05-15 14:47 - 2016-05-15 14:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-269780812.txt
2016-05-15 14:46 - 2016-05-15 14:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-269774026.txt
2016-05-14 22:50 - 2016-05-14 22:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-212410930.txt
2016-05-14 22:50 - 2016-05-14 22:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-212403629.txt
2016-05-14 17:10 - 2016-05-14 17:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-191983301.txt
2016-05-14 17:10 - 2016-05-14 17:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-191977170.txt
2016-05-14 14:46 - 2016-05-14 14:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-183373606.txt
2016-05-14 14:46 - 2016-05-14 14:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-183367490.txt
2016-05-13 20:51 - 2016-05-13 20:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-118844837.txt
2016-05-13 20:51 - 2016-05-13 20:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-118837989.txt
2016-05-13 17:23 - 2016-05-13 17:23 - 00000117 _____ C:\WINDOWS\system32\netcfg-106371294.txt
2016-05-13 17:23 - 2016-05-13 17:23 - 00000117 _____ C:\WINDOWS\system32\netcfg-106367128.txt
2016-05-13 12:36 - 2016-05-13 12:36 - 00000117 _____ C:\WINDOWS\system32\netcfg-89152652.txt
2016-05-13 12:36 - 2016-05-13 12:36 - 00000117 _____ C:\WINDOWS\system32\netcfg-89146802.txt
2016-05-13 10:43 - 2016-05-13 10:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-82419852.txt
2016-05-13 10:43 - 2016-05-13 10:43 - 00000117 _____ C:\WINDOWS\system32\netcfg-82412410.txt
2016-05-13 05:10 - 2016-05-13 05:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-62433409.txt
2016-05-13 05:10 - 2016-05-13 05:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-62425438.txt
2016-05-13 01:23 - 2016-05-13 01:23 - 00000117 _____ C:\WINDOWS\system32\netcfg-48778548.txt
2016-05-13 01:23 - 2016-05-13 01:23 - 00000117 _____ C:\WINDOWS\system32\netcfg-48772589.txt
2016-05-12 20:44 - 2016-05-12 20:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-32056614.txt
2016-05-12 20:44 - 2016-05-12 20:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-32049266.txt
2016-05-12 17:55 - 2016-05-12 17:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-21925176.txt
2016-05-12 17:55 - 2016-05-12 17:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-21923865.txt
2016-05-12 16:26 - 2016-05-12 16:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-16555528.txt
2016-05-12 16:25 - 2016-05-12 16:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-16551550.txt
2016-05-05 16:47 - 2016-05-05 16:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-152644809.txt
2016-05-05 16:47 - 2016-05-05 16:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-152638101.txt
2016-05-05 11:08 - 2016-05-05 11:08 - 00000117 _____ C:\WINDOWS\system32\netcfg-132280907.txt
2016-05-05 11:08 - 2016-05-05 11:08 - 00000117 _____ C:\WINDOWS\system32\netcfg-132277178.txt
2016-05-04 21:13 - 2016-05-04 21:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-82187005.txt
2016-05-04 21:13 - 2016-05-04 21:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-82179985.txt
2016-05-04 15:38 - 2016-05-04 15:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-62132234.txt
2016-05-04 15:38 - 2016-05-04 15:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-62126742.txt
2016-05-04 11:53 - 2016-05-04 11:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-48641486.txt
2016-05-04 11:53 - 2016-05-04 11:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-48637008.txt
2016-05-03 23:06 - 2016-05-03 23:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-2612751.txt
2016-05-03 23:06 - 2016-05-03 23:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-2604202.txt
2016-05-03 22:25 - 2016-05-03 22:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-138138.txt
2016-05-03 22:25 - 2016-05-03 22:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-135112.txt
2016-05-03 22:25 - 2016-05-03 22:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-116205.txt
2016-05-03 22:25 - 2016-05-03 22:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-113319.txt
2016-05-03 20:05 - 2016-05-03 20:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-166675118.txt
2016-05-03 20:05 - 2016-05-03 20:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-166668363.txt
2016-05-03 12:36 - 2016-05-03 12:36 - 00000117 _____ C:\WINDOWS\system32\netcfg-139709316.txt
2016-05-03 12:36 - 2016-05-03 12:36 - 00000117 _____ C:\WINDOWS\system32\netcfg-139702342.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-02 23:39 - 2015-05-02 14:02 - 00000000 ____D C:\FRST
2016-06-02 23:27 - 2015-09-03 19:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-02 23:26 - 2015-06-27 19:14 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-02 23:09 - 2015-06-27 19:14 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-02 23:06 - 2012-07-26 12:23 - 00000000 ____D C:\WINDOWS\tracing
2016-06-02 22:05 - 2015-07-23 18:54 - 00000000 ____D C:\Users\Shade\AppData\Local\FalloutNV
2016-06-02 18:54 - 2016-04-17 20:46 - 00000000 ____D C:\Users\Shade\AppData\Local\LOOT
2016-06-02 18:28 - 2015-07-23 18:54 - 00000000 ____D C:\Users\Shade\Documents\My Games
2016-06-02 18:20 - 2015-02-04 21:17 - 00000771 _____ C:\Users\Public\Desktop\Fallout 3.lnk
2016-05-30 19:55 - 2015-11-03 22:43 - 00065536 _____ C:\WINDOWS\system32\Ikeext.etl
2016-05-30 19:54 - 2015-03-20 12:28 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-30 19:54 - 2012-07-26 11:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-24 15:31 - 2015-03-17 23:11 - 00000000 ____D C:\WINDOWS\Panther
2016-05-24 15:31 - 2015-03-17 12:35 - 00015341 _____ C:\WINDOWS\diagwrn.xml
2016-05-24 15:31 - 2015-03-17 12:35 - 00009420 _____ C:\WINDOWS\diagerr.xml
2016-05-22 14:21 - 2012-07-26 12:23 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-19 21:22 - 2015-08-02 12:15 - 00000000 ____D C:\Program Files\Steam
2016-05-13 11:25 - 2015-06-27 19:26 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 11:25 - 2015-06-27 19:26 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 01:19 - 2016-04-03 23:13 - 00000000 ____D C:\Users\Shade\AppData\Roaming\CodeBlocks
2016-05-13 01:19 - 2015-03-17 12:35 - 00000000 ____D C:\Users\UpdatusUser
2016-05-13 01:19 - 2015-03-17 12:35 - 00000000 ____D C:\Users\Harsha
2016-05-13 01:19 - 2015-03-17 12:35 - 00000000 ____D C:\Users\Guest
2016-05-13 01:19 - 2015-03-17 12:35 - 00000000 ____D C:\Users\102
2016-05-13 01:19 - 2012-07-26 12:23 - 00000000 ____D C:\WINDOWS\registration
2016-05-12 16:33 - 2016-04-03 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-05-12 16:33 - 2016-04-03 14:15 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-05-12 12:35 - 2015-03-17 12:35 - 00000000 ____D C:\Users\Shade
2016-05-06 19:48 - 2015-12-22 20:54 - 00000000 ____D C:\Users\Shade\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2015-06-27 19:41 - 2015-06-27 19:45 - 11873336 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2016-02-25 09:25 - 2016-02-25 09:25 - 0000000 _____ () C:\Users\Shade\AppData\Local\{0170CB6F-0854-45CD-87ED-979821DA7578}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-26 16:28

==================== End of FRST.txt ============================
ADDITION.TXT
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-06-2016
Ran by Shade (2016-06-02 23:42:23)
Running from D:\Programming
Microsoft Windows 8 Pro (X86) (2015-03-17 07:07:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

102 (S-1-5-21-3171145056-229118582-1774830325-1008 - Limited - Enabled) => C:\Users\102
Administrator (S-1-5-21-3171145056-229118582-1774830325-500 - Administrator - Disabled)
Guest (S-1-5-21-3171145056-229118582-1774830325-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3171145056-229118582-1774830325-1003 - Limited - Enabled)
Shade (S-1-5-21-3171145056-229118582-1774830325-1010 - Administrator - Enabled) => C:\Users\Shade
UpdatusUser (S-1-5-21-3171145056-229118582-1774830325-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
BitTorrent (HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.)
BOSS (HKLM\...\BOSS) (Version: 2.3.2 - BOSS Development Team)
CHM Viewer (HKLM\...\{8DD85CC4-D7A0-4332-A9A8-7FBAC360B180}_is1) (Version: - chmviewer.com)
CodeBlocks (HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
CodeLite (HKLM\...\CodeLite_is1) (Version: 9.1.0 - Eran Ifrah)
ESET Smart Security (HKLM\...\{8FFA27DB-0D5F-4472-A1E2-EB54CCE7A98E}) (Version: 9.0.375.0 - ESET, spol. s r.o.)
Fallout 3 Game of the Year Edition - DLCs (HKLM\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version: - Bethesda Softworks)
Fallout 3 Game of the Year Edition (HKLM\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version: - Bethesda Softworks)
Fallout Mod Manager 0.13.21 (HKLM\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Fallout New Vegas (HKLM\...\Fallout New Vegas_is1) (Version: - )
Frhed 1.7.1 (HKLM\...\Frhed) (Version: 1.7.1 - Raihan Kibria)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)
LOOT version 0.8.1 (HKLM\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team)
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.16 - Black Tree Gaming)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
TDM-GCC (HKLM\...\TDM-GCC) (Version: 1.1309.0 - TDM)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
Unity Web Player (HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wrye Bash (HKLM\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3171145056-229118582-1774830325-1010_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Shade\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26B9577F-A930-4899-8241-EBB9B3D6051D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-27] (Google Inc.)
Task: {B772E3CA-ED7D-4182-9183-90A7CD2CBBA4} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {FFFE08CD-ABFC-4354-9F84-6C7CA34C543E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 12:27 - 2014-07-03 01:12 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-05-13 11:25 - 2016-05-11 17:18 - 01738904 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 11:25 - 2016-05-11 17:18 - 00086168 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.102\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 09:47 - 2012-07-26 09:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3171145056-229118582-1774830325-1010\Control Panel\Desktop\\Wallpaper -> D:\Programming\Happy_Independence_Day_Indian_Flag_Tricolor_HD_Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{69892DA2-369A-4836-9AD5-F75DB3CC8ABC}] => (Allow) C:\Users\Shade\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EA17BDA5-BC31-4902-87BC-4850E5F7ADAA}] => (Allow) C:\Users\Shade\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2065E14F-C7A4-46D8-BDF3-8C333033EA56}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{981CFE88-1752-4B51-B182-8751CD56CB14}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{98740CB0-E992-4304-AF97-AAEF35FFC526}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{92A0E1B3-1EAD-42E4-9D42-F369D68C0071}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{3D0F6F68-586D-4C6C-96B5-A1B14D42A3F7}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{A65EF34C-CB8C-40FC-B9A8-DBF3334ECD05}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{A2496E42-BD50-47B8-AF41-B254A5F5D9A4}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{2337F557-9ED3-4C2E-8039-F07FD339787F}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{B447DAB4-716A-4C1A-AD93-6CC1DDF1ED23}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{376C82D5-B24D-4C5A-8822-5235E59CD53B}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{460BF74C-A156-45AE-BEC5-C2119A975739}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{5B7F1DD2-DDDF-48E5-A144-A32F32016580}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{98D8DEA0-C6D4-4E7E-9E5A-FA1569777CFC}] => (Allow) E:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{05414264-92C0-441E-B13C-3D242CACEB49}] => (Allow) E:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A4F54268-C3DE-4D9B-B857-733C9F3D92A7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{1C7DE3B5-535D-463F-A116-CE91F9238F05}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E31F1D41-0600-4589-957A-526A6D6486C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

05-05-2016 18:18:32 Scheduled Checkpoint
18-05-2016 23:03:37 Scheduled Checkpoint
29-05-2016 21:47:25 Scheduled Checkpoint
02-06-2016 18:21:01 Installed DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2016 05:29:56 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0xC004F012.
%windir%\system32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms

Error: (06/02/2016 05:26:10 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (06/01/2016 08:29:02 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0xC004F012.
%windir%\system32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms

Error: (05/31/2016 09:43:38 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0xC004F012.
%windir%\system32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms

Error: (05/31/2016 02:00:53 AM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0xC004F012.
%windir%\system32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms

Error: (05/30/2016 07:58:37 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0xC004F012.
%windir%\system32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms

Error: (05/30/2016 06:22:36 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (05/30/2016 11:37:54 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (05/30/2016 11:28:54 AM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0xC004F012.
%windir%\system32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms

Error: (05/29/2016 12:10:25 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0xC004F012.
%windir%\system32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms


System errors:
=============
Error: (06/02/2016 11:26:44 PM) (Source: DCOM) (EventID: 10010) (User: Linux)
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (06/02/2016 11:26:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (06/02/2016 10:41:35 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (06/02/2016 09:12:58 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (06/02/2016 07:48:44 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (06/02/2016 07:28:45 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (06/01/2016 11:57:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (06/01/2016 05:22:40 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (05/31/2016 11:29:28 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (05/31/2016 03:47:07 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 53%
Total physical RAM: 2046.18 MB
Available physical RAM: 945.96 MB
Total Virtual: 3390.18 MB
Available Virtual: 2030.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:17.07 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:97.66 GB) (Free:10.63 GB) NTFS
Drive e: () (Fixed) (Total:102.77 GB) (Free:25.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 000A6F8F)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
The_Doctor
Active Member
 
Posts: 2
Joined: June 2nd, 2016, 2:05 pm
Advertisement
Register to Remove

Re: I think I am RATed

Unread postby capnkrunch » June 3rd, 2016, 2:00 pm

Hello The_Doctor :)

My name is capnkrunch and I will be helping you with your malware problems.

P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
BitTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assitance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.

Otherwise, there are instructions for removing it in the next step.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program
itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... siting risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step one...

Uninstall Programs
  • Press the Windows Key + R.
  • Enter appwiz.cpl into the text box and click OK.
  • Locate the following programs:
    BitTorrent[b]
  • Press the [b]Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

Step two...

LicDiag Command
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    @Echo off
    Licensingdiag.exe -report %userprofile%\desktop\report.txt -log NUL
    Notepad.exe %userprofile%\desktop\report.txt
    del %0
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Licdiag.bat to your Desktop.
  • Save as file type All Files or it won't work.
  • Now right click on Licdiag.bat and select Run as administrator.
  • A file report.txt will open on your Desktop, please post the contents in your next reply.

Step three...

CKScanner
Please download CKScanner and save it to your Desktop.
This program should only be run once!
Make sure that CKScanner.exe is on the your desktop before running the application!

  • Right click on the CKScanner.exe icon and select Run as administrator.
  • Click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Your decision about P2P software
  • report.txt
  • ckfiles.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Graduate
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: I think I am RATed

Unread postby The_Doctor » June 4th, 2016, 11:07 am

May I ask why you need my Windows license information?
The_Doctor
Active Member
 
Posts: 2
Joined: June 2nd, 2016, 2:05 pm

Re: I think I am RATed

Unread postby capnkrunch » June 4th, 2016, 1:40 pm

Because this site does not support the use of cracked software. Please post the requested logs.
User avatar
capnkrunch
MRU Graduate
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: I think I am RATed

Unread postby pgmigg » June 7th, 2016, 8:59 pm

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal OS or software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs :

  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
  • Link to your closed topic.

Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3179
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 57 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware