==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 23:26 - 2014-09-10 23:26 - 00015105 _____ () C:\Users\sharon's\Downloads\FRST.txt 2014-09-10 23:25 - 2014-09-10 23:25 - 02105856 _____ (Farbar) C:\Users\sharon's\Downloads\FRST64.exe 2014-09-10 23:20 - 2014-09-10 23:20 - 00022039 _____ () C:\Users\sharon's\Documents\Addition.txt 2014-09-10 23:17 - 2014-09-10 23:26 - 00000000 ____D () C:\FRST 2014-09-10 20:37 - 2014-09-10 20:41 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate 2014-09-10 20:37 - 2014-09-10 20:37 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-09-10 20:37 - 2014-09-10 20:37 - 00000000 ____D () C:\Users\sharon's\AppData\Local\SlimWare Utilities Inc 2014-09-10 20:37 - 2014-09-10 20:37 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-09-10 16:43 - 2014-09-10 19:45 - 00000280 _____ () C:\Windows\setupact.log 2014-09-10 16:43 - 2014-09-10 16:43 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-10 16:42 - 2014-09-10 16:42 - 00000828 _____ () C:\Windows\PFRO.log 2014-09-10 16:15 - 2014-09-10 16:15 - 00329306 _____ () C:\Users\sharon's\Documents\cc_20140910_161501.reg 2014-09-10 15:57 - 2014-09-10 15:57 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-10 15:57 - 2014-09-10 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-10 15:57 - 2014-09-10 15:57 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-10 00:12 - 2014-09-10 00:12 - 00000000 _____ () C:\Windows\SysWOW64\shoB56B.tmp 2014-09-09 16:59 - 2014-09-09 16:59 - 00000000 _____ () C:\Windows\SysWOW64\sho6D25.tmp 2014-09-09 16:54 - 2014-09-09 16:54 - 00000000 ____D () C:\Users\sharon's\AppData\Roaming\ParetoLogic 2014-09-09 16:54 - 2014-09-09 16:54 - 00000000 ____D () C:\Users\sharon's\AppData\Roaming\DriverCure 2014-09-09 16:40 - 2014-09-09 17:07 - 00000000 ____D () C:\ProgramData\ParetoLogic 2014-09-09 11:41 - 2014-09-09 11:41 - 00000000 ____D () C:\Users\sharon's\AppData\Local\Deployment 2014-09-09 11:41 - 2014-09-09 11:41 - 00000000 ____D () C:\Users\sharon's\AppData\Local\Apps\2.0 2014-09-07 20:10 - 2014-09-07 20:10 - 04874632 _____ (LionSea Software co., ltd ) C:\Users\sharon's\Downloads\setup.exe 2014-09-07 18:06 - 2014-09-07 18:06 - 00000000 ____D () C:\Windows\pss 2014-09-07 17:54 - 2014-09-07 17:54 - 00000000 __SHD () C:\found.016 2014-09-07 17:10 - 2014-09-10 19:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-07 17:10 - 2014-09-07 17:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-07 17:10 - 2014-09-07 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-07 17:10 - 2014-09-07 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-07 17:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-07 17:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-07 17:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-07 16:53 - 2014-09-10 16:40 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-09-07 16:53 - 2014-09-10 16:40 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-09-07 16:53 - 2014-09-10 16:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-07 16:53 - 2014-09-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-09-07 15:37 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-09-07 15:36 - 2014-09-07 15:36 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-09-07 15:36 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-07 15:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-09-07 15:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-09-03 17:14 - 2014-09-03 17:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-01 18:59 - 2014-09-01 18:59 - 00000000 __SHD () C:\found.015 2014-08-31 20:10 - 2014-08-31 20:10 - 00000000 ____D () C:\Users\sharon's\AppData\Roaming\Macrovision ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 23:26 - 2014-09-10 23:26 - 00015105 _____ () C:\Users\sharon's\Downloads\FRST.txt 2014-09-10 23:26 - 2014-09-10 23:17 - 00000000 ____D () C:\FRST 2014-09-10 23:25 - 2014-09-10 23:25 - 02105856 _____ (Farbar) C:\Users\sharon's\Downloads\FRST64.exe 2014-09-10 23:20 - 2014-09-10 23:20 - 00022039 _____ () C:\Users\sharon's\Documents\Addition.txt 2014-09-10 23:00 - 2010-10-24 02:43 - 01572587 _____ () C:\Windows\WindowsUpdate.log 2014-09-10 20:41 - 2014-09-10 20:37 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate 2014-09-10 20:37 - 2014-09-10 20:37 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-09-10 20:37 - 2014-09-10 20:37 - 00000000 ____D () C:\Users\sharon's\AppData\Local\SlimWare Utilities Inc 2014-09-10 20:37 - 2014-09-10 20:37 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-09-10 19:54 - 2009-07-14 01:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-10 19:54 - 2009-07-14 01:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-10 19:48 - 2014-09-07 17:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-10 19:46 - 2013-06-06 11:13 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-09-10 19:45 - 2014-09-10 16:43 - 00000280 _____ () C:\Windows\setupact.log 2014-09-10 19:45 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-10 16:43 - 2014-09-10 16:43 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-10 16:42 - 2014-09-10 16:42 - 00000828 _____ () C:\Windows\PFRO.log 2014-09-10 16:40 - 2014-09-07 16:53 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-09-10 16:40 - 2014-09-07 16:53 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-09-10 16:40 - 2014-09-07 16:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-10 16:40 - 2014-09-07 16:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-09-10 16:38 - 2010-10-24 03:33 - 00000000 ____D () C:\ProgramData\WildTangent 2014-09-10 16:38 - 2009-07-14 02:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-10 16:15 - 2014-09-10 16:15 - 00329306 _____ () C:\Users\sharon's\Documents\cc_20140910_161501.reg 2014-09-10 16:11 - 2012-11-22 13:46 - 00000000 ____D () C:\Windows\Minidump 2014-09-10 16:11 - 2009-04-28 13:27 - 00000000 ____D () C:\Windows\Panther 2014-09-10 15:57 - 2014-09-10 15:57 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-10 15:57 - 2014-09-10 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-10 15:57 - 2014-09-10 15:57 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-10 00:12 - 2014-09-10 00:12 - 00000000 _____ () C:\Windows\SysWOW64\shoB56B.tmp 2014-09-09 22:08 - 2009-07-14 02:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-09 21:26 - 2012-09-14 21:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-09 19:55 - 2013-04-25 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-09-09 19:55 - 2009-07-14 02:13 - 00006450 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-09 17:07 - 2014-09-09 16:40 - 00000000 ____D () C:\ProgramData\ParetoLogic 2014-09-09 16:59 - 2014-09-09 16:59 - 00000000 _____ () C:\Windows\SysWOW64\sho6D25.tmp 2014-09-09 16:54 - 2014-09-09 16:54 - 00000000 ____D () C:\Users\sharon's\AppData\Roaming\ParetoLogic 2014-09-09 16:54 - 2014-09-09 16:54 - 00000000 ____D () C:\Users\sharon's\AppData\Roaming\DriverCure 2014-09-09 12:57 - 2012-09-14 21:46 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-09 12:56 - 2012-09-21 09:09 - 00000000 ____D () C:\Users\sharon's\AppData\Roaming\Skype 2014-09-09 12:56 - 2010-10-24 03:46 - 00000000 ____D () C:\ProgramData\Skype 2014-09-09 11:42 - 2012-09-14 21:46 - 00000000 ____D () C:\Users\sharon's\AppData\Local\Google 2014-09-09 11:41 - 2014-09-09 11:41 - 00000000 ____D () C:\Users\sharon's\AppData\Local\Deployment 2014-09-09 11:41 - 2014-09-09 11:41 - 00000000 ____D () C:\Users\sharon's\AppData\Local\Apps\2.0 2014-09-09 11:37 - 2010-10-24 03:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-09-09 11:34 - 2012-12-11 01:21 - 00000000 ____D () C:\Users\sharon's\Tracing 2014-09-07 20:32 - 2012-09-18 20:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-09-07 20:32 - 2012-09-18 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-09-07 20:10 - 2014-09-07 20:10 - 04874632 _____ (LionSea Software co., ltd ) C:\Users\sharon's\Downloads\setup.exe 2014-09-07 20:08 - 2012-09-18 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-09-07 18:06 - 2014-09-07 18:06 - 00000000 ____D () C:\Windows\pss 2014-09-07 17:59 - 2014-02-14 13:18 - 00000000 ____D () C:\ProgramData\SSaiverPro 2014-09-07 17:59 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\Cursors 2014-09-07 17:54 - 2014-09-07 17:54 - 00000000 __SHD () C:\found.016 2014-09-07 17:13 - 2014-01-30 21:13 - 00000000 ____D () C:\ProgramData\jmonjjpklephlpklfiicckefanpmjidk 2014-09-07 17:10 - 2014-09-07 17:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-07 17:10 - 2014-09-07 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-07 17:10 - 2014-09-07 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-07 16:53 - 2012-09-13 19:34 - 00000000 ____D () C:\ProgramData\MFAData 2014-09-07 16:52 - 2012-09-13 19:37 - 00000000 ___HD () C:\$AVG 2014-09-07 16:52 - 2012-09-13 19:37 - 00000000 ____D () C:\ProgramData\AVG2013 2014-09-07 15:37 - 2013-10-21 20:23 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-07 15:36 - 2014-09-07 15:36 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-09-07 15:36 - 2013-06-25 11:27 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-07 13:42 - 2012-09-13 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-03 20:37 - 2012-09-18 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-03 17:14 - 2014-09-03 17:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-01 18:59 - 2014-09-01 18:59 - 00000000 __SHD () C:\found.015 2014-08-31 20:10 - 2014-08-31 20:10 - 00000000 ____D () C:\Users\sharon's\AppData\Roaming\Macrovision 2014-08-25 18:02 - 2012-09-13 19:37 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search 2014-08-14 13:32 - 2012-09-13 19:37 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys Files to move or delete: ==================== C:\Users\sharon's\jagex_cl_loginapplet_LIVE.dat C:\Users\sharon's\jagex_cl_runescape_LIVE.dat C:\Users\sharon's\jagex_cl_runescape_LIVE1.dat C:\Users\sharon's\random.dat Some content of TEMP: ==================== C:\Users\sharon's\AppData\Local\Temp\UNINSTALL.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-07 14:30 ==================== End Of Log ============================