Jump to content

Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01

Ran by Joseph (administrator) on GOONIE on 16-01-2014 09:44:15

Running from C:\Users\Joseph\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Bison Inc.) C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

() C:\Program Files (x86)\Hotkey\Hotkey.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Farbar) C:\Users\Joseph\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)

HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [25600 2010-09-14] (Creative Technology Ltd.)

HKLM\...\Run: [DeLay] - C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe [53248 2008-12-05] (Bison Inc.)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [intelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)

HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)

HKLM-x32\...\Run: [CLMLServer] - c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)

HKLM-x32\...\Run: [RemoteControl10] - c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] - c:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-11] (cyberlink)

HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MountPoints2: {d8c405f9-719f-11e2-8e72-0090f5ccfbc0} - F:\Install.exe

AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE7B0BA2FD3FDCE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=024a3010-719f-11e2-8454-0090f5ccfbc0&q={searchTerms}

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65

 

Chrome: 

=======


CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 [2014-01-15]

 

==================== Services (Whitelisted) =================

 

S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-12] (CyberLink)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)

R2 nvsvc; C:\Windows\SysWOW64\nvvsvc.exe [0 2014-01-02] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-04-24] ()

R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] ()

R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-01-02] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

S3 SaiU0CFA; C:\Windows\System32\DRIVERS\SaiU0CFA.sys [41352 2010-07-21] (Saitek)

S3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)

S3 GPU-Z; \??\C:\Users\Joseph\AppData\Local\Temp\GPU-Z.sys [x]

S3 WinRing0_1_2_0; \??\C:\Users\Joseph\Downloads\RealTemp_370\WinRing0x64.sys [x]

S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-15 15:16 - 2013-12-20 14:49 - 00098304 _____ C:\Windows\Lavish.dll

2014-01-15 15:01 - 2014-01-15 15:01 - 00000634 _____ C:\Users\Joseph\Desktop\JRT.txt

2014-01-15 14:51 - 2014-01-15 14:51 - 00001851 _____ C:\Users\Joseph\Desktop\RKreport[0]_D_01152014_145135.txt

2014-01-15 14:51 - 2014-01-15 14:51 - 00001815 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01152014_145133.txt

2014-01-15 14:48 - 2014-01-15 13:44 - 00000723 _____ C:\Users\Joseph\Desktop\fixlist.txt

2014-01-15 14:47 - 2014-01-15 14:47 - 00002334 _____ C:\Users\Joseph\Desktop\RKreport[0]_D_01152014_144723.txt

2014-01-15 14:46 - 2014-01-15 14:46 - 00002264 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01152014_144656.txt

2014-01-15 13:47 - 2014-01-15 13:48 - 01037068 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT (2).exe

2014-01-15 13:47 - 2014-01-15 13:47 - 00048362 _____ C:\Users\Joseph\Desktop\FRST.txt

2014-01-15 13:44 - 2014-01-15 13:44 - 00000723 _____ C:\Users\Joseph\Downloads\fixlist (1).txt

2014-01-15 13:25 - 2014-01-15 13:25 - 02076160 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64 (1).exe

2014-01-15 12:48 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-15 12:48 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-15 12:48 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-15 12:48 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-15 12:48 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-15 12:48 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-15 12:48 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-15 12:48 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-15 12:48 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-01-15 02:19 - 2014-01-15 02:19 - 00000000 ____D C:\Windows\SysWOW64\NV

2014-01-15 02:19 - 2014-01-15 02:19 - 00000000 ____D C:\Windows\system32\NV

2014-01-15 02:18 - 2013-12-19 12:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-01-15 02:18 - 2013-12-19 12:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys

2014-01-14 19:25 - 2014-01-14 19:25 - 00002098 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01142014_192512.txt

2014-01-14 19:23 - 2014-01-14 19:23 - 04406272 _____ C:\Users\Joseph\Downloads\RogueKillerX64 (4).exe

2014-01-14 18:14 - 2014-01-14 18:14 - 00020545 _____ C:\Users\Joseph\Downloads\dds.txt

2014-01-14 18:13 - 2014-01-14 18:13 - 00007436 _____ C:\Users\Joseph\Downloads\attach.txt

2014-01-14 18:13 - 2014-01-14 18:13 - 00007436 _____ C:\Users\Joseph\Downloads\attach (1).txt

2014-01-14 18:06 - 2014-01-14 18:06 - 00688992 ____R (Swearware) C:\Users\Joseph\Downloads\dds.scr

2014-01-14 18:06 - 2014-01-14 18:06 - 00020545 _____ C:\Users\Joseph\Desktop\dds.txt

2014-01-14 18:06 - 2014-01-14 18:06 - 00007436 _____ C:\Users\Joseph\Desktop\attach.txt

2014-01-14 17:39 - 2014-01-14 17:40 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Joseph\Downloads\tdsskiller.exe

2014-01-14 17:37 - 2014-01-14 17:37 - 00002416 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01142014_173740.txt

2014-01-14 17:32 - 2014-01-15 14:47 - 00000000 ____D C:\Users\Joseph\Desktop\RK_Quarantine

2014-01-14 16:48 - 2014-01-14 16:48 - 01236282 _____ C:\Users\Joseph\Downloads\AdwCleaner (1).exe

2014-01-14 16:30 - 2014-01-14 16:30 - 00000000 ____D C:\_OTL

2014-01-14 16:24 - 2014-01-14 16:29 - 00112996 _____ C:\Users\Joseph\Downloads\OTL.Txt

2014-01-14 16:24 - 2014-01-14 16:24 - 00104140 _____ C:\Users\Joseph\Downloads\Extras.Txt

2014-01-14 16:21 - 2014-01-14 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Joseph\Downloads\OTL.exe

2014-01-14 16:15 - 2014-01-14 16:15 - 01037068 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT (1).exe

2014-01-14 16:14 - 2014-01-16 09:44 - 00011708 _____ C:\Users\Joseph\Downloads\FRST.txt

2014-01-14 16:14 - 2014-01-14 16:15 - 00024687 _____ C:\Users\Joseph\Downloads\Addition.txt

2014-01-14 16:14 - 2014-01-14 16:14 - 02076160 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe

2014-01-14 16:14 - 2014-01-14 16:14 - 00000000 ____D C:\FRST

2014-01-14 15:23 - 2014-01-14 15:23 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Malwarebytes

2014-01-14 15:22 - 2014-01-14 15:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joseph\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-14 15:22 - 2014-01-14 15:22 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-14 15:22 - 2014-01-14 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-14 15:22 - 2014-01-14 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-14 15:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-14 15:17 - 2014-01-15 16:36 - 00000000 ____D C:\AdwCleaner

2014-01-14 15:17 - 2014-01-14 15:17 - 00000000 ____D C:\Windows\ERUNT

2014-01-14 15:16 - 2014-01-14 15:16 - 01236282 _____ C:\Users\Joseph\Downloads\AdwCleaner.exe

2014-01-14 15:16 - 2014-01-14 15:16 - 01037068 _____ (Thisisu) C:\Users\Joseph\Desktop\JRT.exe

2014-01-14 13:06 - 2014-01-14 13:06 - 00001175 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk

2014-01-09 11:24 - 2014-01-14 16:09 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3

2014-01-05 10:09 - 2014-01-05 10:09 - 00062927 _____ C:\Users\Joseph\Downloads\Loot Settings.ini

2014-01-04 12:21 - 2014-01-04 12:21 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Oracle

2014-01-04 12:18 - 2014-01-04 12:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-01-04 12:18 - 2014-01-04 12:18 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-04 12:16 - 2014-01-04 12:16 - 00915368 _____ (Oracle Corporation) C:\Users\Joseph\Downloads\chromeinstall-7u45 (3).exe

2014-01-04 12:15 - 2014-01-04 12:15 - 00915368 _____ (Oracle Corporation) C:\Users\Joseph\Downloads\chromeinstall-7u45 (2).exe

2014-01-04 12:12 - 2014-01-04 12:12 - 00000000 ____D C:\Program Files (x86)\SaveraExTensioun

2014-01-04 06:26 - 2014-01-04 06:26 - 00000015 _____ C:\Users\Joseph\Desktop\Graphics reset.txt

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\Program Files (x86)\TechSmith

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\Program Files (x86)\QuickTime

2014-01-04 04:41 - 2014-01-04 04:41 - 255479656 _____ C:\Users\Joseph\Downloads\camtasia.exe

2014-01-02 20:54 - 2014-01-02 20:54 - 00737017 _____ C:\Users\Joseph\AppData\Local\census.cache

2014-01-02 20:54 - 2014-01-02 20:54 - 00082115 _____ C:\Users\Joseph\AppData\Local\ars.cache

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\WUDFHost.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\taskhost.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\spoolsv.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\smss.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\services.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\nvvsvc.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\lsm.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\igfxpers.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\hkcmd.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\dwm.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe

2014-01-02 20:35 - 2014-01-02 20:35 - 02049128 _____ (Trend Micro Inc.) C:\Users\Joseph\Downloads\HousecallLauncher.exe

2014-01-02 20:35 - 2014-01-02 20:35 - 00000036 _____ C:\Users\Joseph\AppData\Local\housecall.guid.cache

2013-12-30 15:00 - 2014-01-14 16:09 - 00000000 ____D C:\ProgramData\RoboSaver

2013-12-30 15:00 - 2014-01-05 02:26 - 00000000 ____D C:\ProgramData\SaveraExTensioun

2013-12-30 15:00 - 2014-01-04 12:12 - 00000000 ____D C:\ProgramData\97876a884d7d3416

2013-12-30 15:00 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\nhkdjgiongcgfhedhbglbbhjbajkkkoo

2013-12-30 06:23 - 2014-01-01 04:56 - 00000000 ____D C:\ProgramData\Content Accelerator

2013-12-29 08:40 - 2013-12-29 08:40 - 00297280 _____ C:\Windows\Minidump\122913-19546-01.dmp

2013-12-25 21:40 - 2013-12-25 21:40 - 00000930 _____ C:\Users\Joseph\Desktop\EverQuest - Neenjapoke.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000922 _____ C:\Users\Joseph\Desktop\EverQuest - Bonkaroo.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000918 _____ C:\Users\Joseph\Desktop\EverQuest - Stubble.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000914 _____ C:\Users\Joseph\Desktop\EverQuest - Portly.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000910 _____ C:\Users\Joseph\Desktop\EverQuest - Pudgy.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000910 _____ C:\Users\Joseph\Desktop\EverQuest - Bonks.lnk

2013-12-25 21:39 - 2013-12-25 21:39 - 00000914 _____ C:\Users\Joseph\Desktop\EverQuest - Upshot.lnk

2013-12-20 16:48 - 2013-12-20 16:48 - 00001091 _____ C:\Users\Joseph\Downloads\PEQTGC-Stryd (1).ini

2013-12-20 16:38 - 2013-12-20 16:48 - 00000000 ____D C:\Users\Joseph\Desktop\EQINIS

2013-12-20 16:38 - 2013-12-20 16:38 - 00001821 _____ C:\Users\Joseph\Downloads\PEQTGC-Maddix.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00001513 _____ C:\Users\Joseph\Downloads\PEQTGC-Jazzem.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00001328 _____ C:\Users\Joseph\Downloads\PEQTGC-Khazad.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00000715 _____ C:\Users\Joseph\Downloads\PEQTGC-Rucus.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00000696 _____ C:\Users\Joseph\Downloads\PEQTGC-Striking.ini

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 ____D C:\Users\Joseph\AppData\Local\cache

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 ____D C:\Users\Joseph\.android

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 _____ C:\Users\Joseph\daemonprocess.txt

2013-12-20 13:52 - 2013-12-20 15:10 - 00000000 ____D C:\Program Files (x86)\WinEQ2

2013-12-20 13:52 - 2013-12-20 13:52 - 00000990 _____ C:\Users\Joseph\Desktop\WinEQ 2.0.lnk

2013-12-20 13:51 - 2013-12-20 13:51 - 00923784 _____ (CNET Download.com) C:\Users\Joseph\Downloads\cbsidlm-cbsi145-WinEQ-SEO-10526904.exe

2013-12-20 13:06 - 2013-12-20 13:06 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Mozilla

2013-12-20 11:59 - 2013-12-20 11:59 - 78936289 _____ C:\Users\Joseph\Downloads\UF_missing_files.rar

2013-12-20 11:58 - 2013-12-20 12:17 - 2161365751 _____ C:\Users\Joseph\Downloads\UF.zip

2013-12-19 16:48 - 2013-12-19 16:48 - 00153216 _____ (Amônétízé Ltd) C:\Users\Joseph\Downloads\everquest underfoot client__3515_i201775776_il11981137.exe

2013-12-19 16:47 - 2013-12-19 16:47 - 00327232 _____ C:\Users\Joseph\Downloads\EverQuest_Underfoot_Client.exe

2013-12-19 16:42 - 2013-12-19 16:42 - 00153216 _____ (Amônétízé Ltd) C:\Users\Joseph\Downloads\everquest underfoot client__3516_i201770421_il11980222.exe

2013-12-19 14:39 - 2013-12-19 14:39 - 00000663 _____ C:\Users\Joseph\Desktop\eqbcs - Shortcut.lnk

2013-12-19 14:37 - 2013-12-19 14:37 - 00001128 _____ C:\Users\Joseph\Desktop\MacroQuest2 - Shortcut.lnk

2013-12-19 14:29 - 2013-12-19 14:29 - 00154357 _____ C:\Users\Joseph\Downloads\e3 v5.1.4.zip

2013-12-19 14:29 - 2013-12-19 14:29 - 00010078 _____ C:\Users\Joseph\Downloads\Hot Fixes (r4).zip

2013-12-19 14:28 - 2013-12-19 14:29 - 10430528 _____ C:\Users\Joseph\Downloads\Killians' MacroQuest2.zip

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\modules

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\js

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\images

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\html

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\css

2013-12-17 22:12 - 2013-12-05 00:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2013-12-17 22:12 - 2013-12-05 00:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

 

==================== One Month Modified Files and Folders =======

 

2014-01-16 09:44 - 2014-01-14 16:14 - 00011708 _____ C:\Users\Joseph\Downloads\FRST.txt

2014-01-16 09:43 - 2013-06-30 20:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-16 09:43 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-16 09:43 - 2009-07-13 20:51 - 00099422 _____ C:\Windows\setupact.log

2014-01-16 09:42 - 2009-07-13 20:45 - 00277608 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-16 01:20 - 2012-04-17 11:53 - 01713500 _____ C:\Windows\WindowsUpdate.log

2014-01-16 01:19 - 2013-08-14 02:00 - 00000000 ____D C:\Windows\system32\MRT

2014-01-16 01:19 - 2012-04-27 18:00 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-16 00:57 - 2013-06-30 20:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-16 00:48 - 2012-09-04 16:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-15 16:43 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-15 16:43 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-15 16:42 - 2009-07-13 21:13 - 00006450 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-15 16:36 - 2014-01-14 15:17 - 00000000 ____D C:\AdwCleaner

2014-01-15 15:01 - 2014-01-15 15:01 - 00000634 _____ C:\Users\Joseph\Desktop\JRT.txt

2014-01-15 14:51 - 2014-01-15 14:51 - 00001851 _____ C:\Users\Joseph\Desktop\RKreport[0]_D_01152014_145135.txt

2014-01-15 14:51 - 2014-01-15 14:51 - 00001815 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01152014_145133.txt

2014-01-15 14:47 - 2014-01-15 14:47 - 00002334 _____ C:\Users\Joseph\Desktop\RKreport[0]_D_01152014_144723.txt

2014-01-15 14:47 - 2014-01-14 17:32 - 00000000 ____D C:\Users\Joseph\Desktop\RK_Quarantine

2014-01-15 14:46 - 2014-01-15 14:46 - 00002264 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01152014_144656.txt

2014-01-15 13:58 - 2013-06-30 20:53 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2014-01-15 13:48 - 2014-01-15 13:47 - 01037068 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT (2).exe

2014-01-15 13:48 - 2012-04-20 17:00 - 00000000 ____D C:\Users\Joseph

2014-01-15 13:47 - 2014-01-15 13:47 - 00048362 _____ C:\Users\Joseph\Desktop\FRST.txt

2014-01-15 13:44 - 2014-01-15 14:48 - 00000723 _____ C:\Users\Joseph\Desktop\fixlist.txt

2014-01-15 13:44 - 2014-01-15 13:44 - 00000723 _____ C:\Users\Joseph\Downloads\fixlist (1).txt

2014-01-15 13:25 - 2014-01-15 13:25 - 02076160 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64 (1).exe

2014-01-15 02:19 - 2014-01-15 02:19 - 00000000 ____D C:\Windows\SysWOW64\NV

2014-01-15 02:19 - 2014-01-15 02:19 - 00000000 ____D C:\Windows\system32\NV

2014-01-15 02:19 - 2012-04-17 11:50 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-14 19:25 - 2014-01-14 19:25 - 00002098 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01142014_192512.txt

2014-01-14 19:23 - 2014-01-14 19:23 - 04406272 _____ C:\Users\Joseph\Downloads\RogueKillerX64 (4).exe

2014-01-14 18:14 - 2014-01-14 18:14 - 00020545 _____ C:\Users\Joseph\Downloads\dds.txt

2014-01-14 18:13 - 2014-01-14 18:13 - 00007436 _____ C:\Users\Joseph\Downloads\attach.txt

2014-01-14 18:13 - 2014-01-14 18:13 - 00007436 _____ C:\Users\Joseph\Downloads\attach (1).txt

2014-01-14 18:06 - 2014-01-14 18:06 - 00688992 ____R (Swearware) C:\Users\Joseph\Downloads\dds.scr

2014-01-14 18:06 - 2014-01-14 18:06 - 00020545 _____ C:\Users\Joseph\Desktop\dds.txt

2014-01-14 18:06 - 2014-01-14 18:06 - 00007436 _____ C:\Users\Joseph\Desktop\attach.txt

2014-01-14 17:40 - 2014-01-14 17:39 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Joseph\Downloads\tdsskiller.exe

2014-01-14 17:37 - 2014-01-14 17:37 - 00002416 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01142014_173740.txt

2014-01-14 16:50 - 2012-04-17 12:14 - 00055520 _____ C:\Windows\PFRO.log

2014-01-14 16:48 - 2014-01-14 16:48 - 01236282 _____ C:\Users\Joseph\Downloads\AdwCleaner (1).exe

2014-01-14 16:30 - 2014-01-14 16:30 - 00000000 ____D C:\_OTL

2014-01-14 16:29 - 2014-01-14 16:24 - 00112996 _____ C:\Users\Joseph\Downloads\OTL.Txt

2014-01-14 16:24 - 2014-01-14 16:24 - 00104140 _____ C:\Users\Joseph\Downloads\Extras.Txt

2014-01-14 16:21 - 2014-01-14 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Joseph\Downloads\OTL.exe

2014-01-14 16:15 - 2014-01-14 16:15 - 01037068 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT (1).exe

2014-01-14 16:15 - 2014-01-14 16:14 - 00024687 _____ C:\Users\Joseph\Downloads\Addition.txt

2014-01-14 16:14 - 2014-01-14 16:14 - 02076160 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe

2014-01-14 16:14 - 2014-01-14 16:14 - 00000000 ____D C:\FRST

2014-01-14 16:09 - 2014-01-09 11:24 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3

2014-01-14 16:09 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\RoboSaver

2014-01-14 16:09 - 2013-02-07 19:21 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\BitTorrent

2014-01-14 15:23 - 2014-01-14 15:23 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Malwarebytes

2014-01-14 15:22 - 2014-01-14 15:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joseph\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-14 15:22 - 2014-01-14 15:22 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-14 15:22 - 2014-01-14 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-14 15:22 - 2014-01-14 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-14 15:17 - 2014-01-14 15:17 - 00000000 ____D C:\Windows\ERUNT

2014-01-14 15:16 - 2014-01-14 15:16 - 01236282 _____ C:\Users\Joseph\Downloads\AdwCleaner.exe

2014-01-14 15:16 - 2014-01-14 15:16 - 01037068 _____ (Thisisu) C:\Users\Joseph\Desktop\JRT.exe

2014-01-14 15:08 - 2013-02-07 19:24 - 00000000 ____D C:\ProgramData\InstallMate

2014-01-14 15:04 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries

2014-01-14 13:06 - 2014-01-14 13:06 - 00001175 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk

2014-01-14 11:24 - 2012-11-23 13:47 - 00000000 ____D C:\Users\Joseph\AppData\Local\CrashDumps

2014-01-13 22:21 - 2013-07-16 19:32 - 00000000 ____D C:\Program Files\Google

2014-01-13 22:21 - 2013-06-30 20:53 - 00000000 ____D C:\Program Files (x86)\Google

2014-01-13 18:48 - 2012-04-20 17:12 - 00000000 ____D C:\Users\Joseph\AppData\Local\Google

2014-01-13 10:08 - 2013-11-02 13:01 - 00000000 ____D C:\ProgramData\BlueStacksSetup

2014-01-09 21:38 - 2013-02-09 13:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\SoftGrid Client

2014-01-07 11:31 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2014-01-05 10:09 - 2014-01-05 10:09 - 00062927 _____ C:\Users\Joseph\Downloads\Loot Settings.ini

2014-01-05 02:26 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\SaveraExTensioun

2014-01-05 02:26 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2014-01-04 12:21 - 2014-01-04 12:21 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Oracle

2014-01-04 12:18 - 2014-01-04 12:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-01-04 12:18 - 2014-01-04 12:18 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-04 12:18 - 2013-10-22 14:41 - 00000000 ____D C:\ProgramData\Oracle

2014-01-04 12:16 - 2014-01-04 12:16 - 00915368 _____ (Oracle Corporation) C:\Users\Joseph\Downloads\chromeinstall-7u45 (3).exe

2014-01-04 12:15 - 2014-01-04 12:15 - 00915368 _____ (Oracle Corporation) C:\Users\Joseph\Downloads\chromeinstall-7u45 (2).exe

2014-01-04 12:12 - 2014-01-04 12:12 - 00000000 ____D C:\Program Files (x86)\SaveraExTensioun

2014-01-04 12:12 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\97876a884d7d3416

2014-01-04 07:34 - 2013-02-05 23:45 - 00000000 ____D C:\Users\Joseph\Documents\Camtasia Studio

2014-01-04 07:32 - 2013-02-05 23:55 - 00000000 ____D C:\Test

2014-01-04 06:26 - 2014-01-04 06:26 - 00000015 _____ C:\Users\Joseph\Desktop\Graphics reset.txt

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\Program Files (x86)\TechSmith

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\Program Files (x86)\QuickTime

2014-01-04 04:43 - 2013-04-12 19:35 - 00000000 ____D C:\ProgramData\TechSmith

2014-01-04 04:41 - 2014-01-04 04:41 - 255479656 _____ C:\Users\Joseph\Downloads\camtasia.exe

2014-01-04 03:49 - 2013-07-16 19:32 - 00000000 ____D C:\Users\Joseph\AppData\Local\Adobe

2014-01-04 03:48 - 2012-09-04 16:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-01-04 03:48 - 2012-09-04 16:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-04 03:48 - 2012-09-04 16:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-01-02 20:54 - 2014-01-02 20:54 - 00737017 _____ C:\Users\Joseph\AppData\Local\census.cache

2014-01-02 20:54 - 2014-01-02 20:54 - 00082115 _____ C:\Users\Joseph\AppData\Local\ars.cache

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\WUDFHost.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\taskhost.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\spoolsv.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\smss.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\services.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\nvvsvc.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\lsm.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\igfxpers.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\hkcmd.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\dwm.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe

2014-01-02 20:35 - 2014-01-02 20:35 - 02049128 _____ (Trend Micro Inc.) C:\Users\Joseph\Downloads\HousecallLauncher.exe

2014-01-02 20:35 - 2014-01-02 20:35 - 00000036 _____ C:\Users\Joseph\AppData\Local\housecall.guid.cache

2014-01-01 04:56 - 2013-12-30 06:23 - 00000000 ____D C:\ProgramData\Content Accelerator

2013-12-31 01:26 - 2013-11-24 03:00 - 00000000 ____D C:\Users\Joseph\Desktop\MonteSticks

2013-12-30 15:00 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\nhkdjgiongcgfhedhbglbbhjbajkkkoo

2013-12-29 08:40 - 2013-12-29 08:40 - 00297280 _____ C:\Windows\Minidump\122913-19546-01.dmp

2013-12-29 08:40 - 2012-05-29 17:06 - 719287023 _____ C:\Windows\MEMORY.DMP

2013-12-29 08:40 - 2012-05-29 17:06 - 00000000 ____D C:\Windows\Minidump

2013-12-25 21:40 - 2013-12-25 21:40 - 00000930 _____ C:\Users\Joseph\Desktop\EverQuest - Neenjapoke.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000922 _____ C:\Users\Joseph\Desktop\EverQuest - Bonkaroo.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000918 _____ C:\Users\Joseph\Desktop\EverQuest - Stubble.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000914 _____ C:\Users\Joseph\Desktop\EverQuest - Portly.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000910 _____ C:\Users\Joseph\Desktop\EverQuest - Pudgy.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000910 _____ C:\Users\Joseph\Desktop\EverQuest - Bonks.lnk

2013-12-25 21:39 - 2013-12-25 21:39 - 00000914 _____ C:\Users\Joseph\Desktop\EverQuest - Upshot.lnk

2013-12-21 10:16 - 2013-11-17 16:40 - 00000000 ____D C:\Users\Joseph\Desktop\Wut

2013-12-20 20:38 - 2012-10-15 18:34 - 00000000 ____D C:\Users\Joseph\AppData\Local\PMB Files

2013-12-20 20:38 - 2012-10-15 18:34 - 00000000 ____D C:\ProgramData\PMB Files

2013-12-20 16:48 - 2013-12-20 16:48 - 00001091 _____ C:\Users\Joseph\Downloads\PEQTGC-Stryd (1).ini

2013-12-20 16:48 - 2013-12-20 16:38 - 00000000 ____D C:\Users\Joseph\Desktop\EQINIS

2013-12-20 16:38 - 2013-12-20 16:38 - 00001821 _____ C:\Users\Joseph\Downloads\PEQTGC-Maddix.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00001513 _____ C:\Users\Joseph\Downloads\PEQTGC-Jazzem.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00001328 _____ C:\Users\Joseph\Downloads\PEQTGC-Khazad.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00000715 _____ C:\Users\Joseph\Downloads\PEQTGC-Rucus.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00000696 _____ C:\Users\Joseph\Downloads\PEQTGC-Striking.ini

2013-12-20 15:10 - 2013-12-20 13:52 - 00000000 ____D C:\Program Files (x86)\WinEQ2

2013-12-20 14:49 - 2014-01-15 15:16 - 00098304 _____ C:\Windows\Lavish.dll

2013-12-20 14:17 - 2013-03-24 21:13 - 00000000 ____D C:\ProgramData\HappyCloud

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 ____D C:\Users\Joseph\AppData\Local\cache

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 ____D C:\Users\Joseph\.android

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 _____ C:\Users\Joseph\daemonprocess.txt

2013-12-20 13:52 - 2013-12-20 13:52 - 00000990 _____ C:\Users\Joseph\Desktop\WinEQ 2.0.lnk

2013-12-20 13:51 - 2013-12-20 13:51 - 00923784 _____ (CNET Download.com) C:\Users\Joseph\Downloads\cbsidlm-cbsi145-WinEQ-SEO-10526904.exe

2013-12-20 13:06 - 2013-12-20 13:06 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Mozilla

2013-12-20 12:17 - 2013-12-20 11:58 - 2161365751 _____ C:\Users\Joseph\Downloads\UF.zip

2013-12-20 11:59 - 2013-12-20 11:59 - 78936289 _____ C:\Users\Joseph\Downloads\UF_missing_files.rar

2013-12-19 21:21 - 2012-04-24 19:35 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-12-19 21:20 - 2012-05-01 22:38 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Wondershare

2013-12-19 18:17 - 2012-05-03 17:16 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Skype

2013-12-19 16:48 - 2013-12-19 16:48 - 00153216 _____ (Amônétízé Ltd) C:\Users\Joseph\Downloads\everquest underfoot client__3515_i201775776_il11981137.exe

2013-12-19 16:47 - 2013-12-19 16:47 - 00327232 _____ C:\Users\Joseph\Downloads\EverQuest_Underfoot_Client.exe

2013-12-19 16:42 - 2013-12-19 16:42 - 00153216 _____ (Amônétízé Ltd) C:\Users\Joseph\Downloads\everquest underfoot client__3516_i201770421_il11980222.exe

2013-12-19 14:39 - 2013-12-19 14:39 - 00000663 _____ C:\Users\Joseph\Desktop\eqbcs - Shortcut.lnk

2013-12-19 14:37 - 2013-12-19 14:37 - 00001128 _____ C:\Users\Joseph\Desktop\MacroQuest2 - Shortcut.lnk

2013-12-19 14:29 - 2013-12-19 14:29 - 00154357 _____ C:\Users\Joseph\Downloads\e3 v5.1.4.zip

2013-12-19 14:29 - 2013-12-19 14:29 - 00010078 _____ C:\Users\Joseph\Downloads\Hot Fixes (r4).zip

2013-12-19 14:29 - 2013-12-19 14:28 - 10430528 _____ C:\Users\Joseph\Downloads\Killians' MacroQuest2.zip

2013-12-19 12:33 - 2014-01-15 02:18 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2013-12-19 12:33 - 2014-01-15 02:18 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys

2013-12-19 12:33 - 2013-05-06 16:35 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2013-12-19 12:33 - 2012-05-20 12:10 - 00023754 _____ C:\Windows\system32\nvinfo.pb

2013-12-19 12:33 - 2012-02-03 20:59 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2013-12-19 12:33 - 2012-02-03 20:59 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 01065248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2013-12-19 10:53 - 2012-10-03 19:57 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2013-12-18 21:01 - 2012-10-03 19:57 - 03539040 _____ C:\Windows\system32\nvcoproc.bin

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\modules

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\js

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\images

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\html

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\css

2013-12-18 00:29 - 2013-02-08 10:59 - 00001083 _____ C:\Users\Joseph\Desktop\AIM.lnk

2013-12-17 22:13 - 2013-10-22 15:21 - 00000000 ____D C:\Users\Joseph\AppData\Local\NVIDIA

2013-12-17 22:12 - 2013-11-12 14:06 - 00000000 ____D C:\Users\Joseph\AppData\Local\NVIDIA Corporation

2013-12-17 22:12 - 2012-10-03 19:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2013-12-17 22:12 - 2012-04-17 11:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-12-17 22:12 - 2012-04-17 11:50 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

 

Some content of TEMP:

====================

C:\Users\Joseph\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Joseph\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-11 00:24

 

==================== End Of Log ============================

Link to post
Share on other sites

It appears to be gone: (only this one showing)

Chrome: 

=======

 

CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 [2014-01-15]

Are you having any problems??

MrC

Link to post
Share on other sites

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfindlipgolpfajiadodbcbljdpmbmbdmfcil:filefindlipgolpfajiadodbcbljdpmbmbdmfcil
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

Link to post
Share on other sites

SystemLook 30.07.11 by jpshortstuff

Log created at 14:32 on 17/01/2014 by Joseph

Administrator - Elevation successful

 

========== regfind ==========

 

Searching for "lipgolpfajiadodbcbljdpmbmbdmfcil"

No data found.

 

========== filefind ==========

 

Searching for "lipgolpfajiadodbcbljdpmbmbdmfcil"

No files found.

 

-= EOF =-

Link to post
Share on other sites

OK..Got it.

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.79  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 45  

 Java version out of Date! 

 Adobe Flash Player 11.9.900.170  

 Google Chrome 31.0.1650.63  

 Google Chrome 32.0.1700.76  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 44% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 45 <---please update, should be Update 51

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.