
Possible adware / malware infection


Eri

About an hour ago at this point I got a random tab pop-up in my Firefox browser. The pop-up was to a site named lpmxp2020 . com saying that Firefox was out of date; obviously I did not trust it and checked. Firefox was not out of date, so I did some research and it looks to be a new malware or something of the sort. I already ran Malwarebytes and it came up with nothing. Ever since I closed out of the tab I have not gotten another one.

Any ideas on how to get it out of my system?


Hello and welcome.

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes and post the log; instructions follow. Use the instructions relevant to the version you have installed:

 

Malwarebytes ver: 1.75 "Quick scan"

 

Run Malwarebytes, Open: Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

 

Please Update and run a Quick scan

 

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that is the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin...

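The Chrome settings that a PUP.Optional.Conduit-style detection and AdwCleaner's [Homepage] / [Search Provider] deletions refer to live in the profile's Preferences JSON file, and they can be checked by hand. The script below is an added example, not part of this thread and not code from Malwarebytes, AdwCleaner, JRT or FRST. It assumes the Preferences keys Chrome of that era used (homepage, session.startup_urls, default_search_provider.search_url), a small domain list seeded from the hijacker hosts typically seen in such cases, a reset target of about:blank, and a constructed sample profile; the audit_file helper is hypothetical and only wraps the same audit over a real file.

```python
"""Audit a Chrome 'Preferences' JSON file for browser-hijacker settings.

Added example, not a tool from the thread. It looks for the same thing the
cleanup tools report: a homepage, startup URL or default search provider
pointing at a known adware search domain, and shows what removing/resetting
those entries amounts to. Key names and the domain list are assumptions;
the sample profile at the bottom is constructed for the demo.
"""
import json
from urllib.parse import urlparse

# Assumption: a starting list of hijacker search hosts, not an authoritative feed.
HIJACKER_DOMAINS = {
    "search.conduit.com",
    "conduit.com",
    "ask.com",
    "softonic.com",
}

SAFE_HOMEPAGE = "about:blank"  # reset target; assumption for the demo


def _host(url):
    """Return the lowercase host of a URL, or '' if it has none."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def is_hijacker_url(url):
    """True if the URL's host is, or is a subdomain of, a listed domain."""
    host = _host(url)
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in HIJACKER_DOMAINS)


def audit_preferences(prefs):
    """Return (setting, url) pairs whose URL points at a hijacker domain."""
    findings = []
    homepage = prefs.get("homepage", "")
    if is_hijacker_url(homepage):
        findings.append(("homepage", homepage))
    for url in prefs.get("session", {}).get("startup_urls", []):
        if is_hijacker_url(url):
            findings.append(("session.startup_urls", url))
    dsp = prefs.get("default_search_provider", {})
    for key in ("search_url", "suggest_url"):
        url = dsp.get(key, "")
        if is_hijacker_url(url):
            findings.append(("default_search_provider." + key, url))
    return findings


def clean_preferences(prefs):
    """Return a copy with hijacked entries reset or removed.

    This is what AdwCleaner's 'Deleted [Homepage]' / 'Deleted [Search Provider]'
    lines amount to: the homepage goes back to a neutral value, hijacked startup
    URLs are dropped, and a hijacked default search provider is removed so the
    browser falls back to its built-in default.
    """
    cleaned = json.loads(json.dumps(prefs))  # deep copy via JSON round-trip
    if is_hijacker_url(cleaned.get("homepage", "")):
        cleaned["homepage"] = SAFE_HOMEPAGE
        cleaned["homepage_is_newtabpage"] = True
    session = cleaned.get("session", {})
    if "startup_urls" in session:
        session["startup_urls"] = [u for u in session["startup_urls"]
                                   if not is_hijacker_url(u)]
    dsp = cleaned.get("default_search_provider", {})
    if any(is_hijacker_url(dsp.get(k, "")) for k in ("search_url", "suggest_url")):
        cleaned.pop("default_search_provider")
    return cleaned


def audit_file(path):
    """Hypothetical helper: audit a real Preferences file (close Chrome first)."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(json.load(fh))


# Constructed sample: the shape of a hijacked profile, not a real file.
SAMPLE_PREFS = {
    "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&SearchSource=55",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["https://www.google.com/", "http://www.ask.com/web?q="],
    },
    "default_search_provider": {
        "enabled": True,
        "name": "Ask",
        "search_url": "http://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl",
    },
}

if __name__ == "__main__":
    for setting, url in audit_preferences(SAMPLE_PREFS):
        print(f"HIJACKED {setting}: {url}")
    print(json.dumps(clean_preferences(SAMPLE_PREFS), indent=1))
```

On the affected machine you would point audit_file at the profile's Preferences file (the path AdwCleaner reports, under AppData\Local\Google\Chrome\User Data\Default) with Chrome fully closed, since Chrome rewrites that file on exit and would overwrite any edit made while it is running. The host match is suffix-based on a dot boundary so that a lookalike such as notconduit.com is not flagged.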

  Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 7/15/2014
Scan Time: 12:54:34
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.15.09
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 278338
Time Elapsed: 13 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=",), Replaced,[b025128db2c959dd1f3db819bd47f907]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
Here is the AdwCleaner log




# AdwCleaner v3.215 - Report created 15/07/2014 at 12:48:14
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Deleted [search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=naruto&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [942 octets] - [23/03/2014 20:33:41]
AdwCleaner[R1].txt - [1117 octets] - [15/07/2014 12:46:33]
AdwCleaner[s0].txt - [1008 octets] - [23/03/2014 20:35:58]
AdwCleaner[s1].txt - [1508 octets] - [15/07/2014 12:48:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1568 octets] ##########





Here is JRT




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by John on Tue 07/15/2014 at 13:12:10.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/15/2014 at 13:19:56.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





 

And finally, Farbar




 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014
Ran by John (administrator) on JOHN-PC on 15-07-2014 13:21:10
Running from C:\Users\John\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Curse) C:\Users\John\AppData\Local\Apps\2.0\GYGCPO5Z.910\40AN6Q20.PJA\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2763776 2009-10-27] (VIA)
HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2627728 2012-09-24] (Bradford Networks)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-15] (Microsoft Corporation)
HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-24] (Raptr, Inc)
HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\Run: [MxDock] => C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe
HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\MountPoints2: {7c1a8b65-9455-11e3-a497-806e6f6e6963} - D:\Bin\assetup.exe
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk
ShortcutTarget: Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x69E59CB44C28CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 24.247.15.53 66.189.0.100 24.217.0.5
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=
CHR Extension: (BetterTTV) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-07-15]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-15]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-15]
CHR Extension: (CIRC) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebigdkelppomhhjaaianniiifjbgocn [2014-07-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-15]
CHR Extension: (4chan X) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cellaaeoekimmemgdheibaibbaoeefbl [2014-07-15]
CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-15]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-15]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2014-07-15]
CHR Extension: (FrankerFaceZ) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2014-07-15]
CHR Extension: (Stylish) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-07-15]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2014-07-15]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-12]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-07-15]
CHR Extension: (Audio Converter) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2014-07-15]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-15]
CHR Extension: (Luna Theme ) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmhihobegibbfdeogahppfhmbfmbjann [2014-07-15]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-09-24] (Bradford Networks)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-10] (Windows ® Codename Longhorn DDK provider)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-15 13:21 - 2014-07-15 13:21 - 00014950 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-15 13:21 - 2014-07-15 13:21 - 00000000 ____D () C:\FRST
2014-07-15 13:19 - 2014-07-15 13:19 - 00000628 _____ () C:\Users\John\Desktop\JRT.txt
2014-07-15 13:11 - 2014-07-15 13:11 - 00001648 _____ () C:\Users\John\Desktop\AdwCleaner[s1].txt
2014-07-15 13:10 - 2014-07-15 13:10 - 00001384 _____ () C:\Users\John\Desktop\MBAM.txt
2014-07-15 12:55 - 2014-07-15 12:55 - 02086912 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-07-15 12:55 - 2014-07-15 12:55 - 01016261 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2014-07-15 12:45 - 2014-07-15 12:45 - 01348263 _____ () C:\Users\John\Desktop\AdwCleaner.exe
2014-07-15 03:58 - 2014-07-15 03:58 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieUserList
2014-07-15 03:58 - 2014-07-15 03:58 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieSiteList
2014-07-15 03:48 - 2014-07-15 03:48 - 00890744 _____ (AMD) C:\Users\John\Downloads\amddriverdownloader.exe
2014-07-15 03:46 - 2014-07-15 03:47 - 104304693 _____ () C:\Users\John\Downloads\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip
2014-07-15 01:15 - 2014-07-15 01:15 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-15 01:15 - 2014-07-15 01:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-15 01:15 - 2014-07-15 01:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-15 01:15 - 2014-07-15 01:15 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-15 01:15 - 2014-07-15 01:15 - 00000000 ____D () C:\Program Files\Java
2014-07-15 01:13 - 2014-07-15 01:14 - 30984104 _____ (Oracle Corporation) C:\Users\John\Downloads\jre-7u60-windows-x64.exe
2014-07-14 23:15 - 2014-07-14 23:15 - 00275624 _____ () C:\Windows\Minidump\071414-23790-01.dmp
2014-07-14 01:19 - 2014-07-14 01:19 - 00275624 _____ () C:\Windows\Minidump\071414-26863-01.dmp
2014-07-13 01:59 - 2014-07-13 02:00 - 00001098 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2014-07-13 01:57 - 2014-07-13 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-07-13 01:57 - 2014-07-13 02:00 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-07-13 01:57 - 2014-07-13 01:57 - 00001053 _____ () C:\Users\Public\Desktop\Warcraft III.lnk
2014-07-13 01:41 - 2014-07-13 01:58 - 00000000 ____D () C:\Users\John\Warcraft III 1.21b TFT Installer enUS
2014-07-13 01:41 - 2014-07-13 01:41 - 02687056 _____ (Blizzard Entertainment) C:\Users\John\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe
2014-07-13 01:40 - 2014-07-13 01:55 - 00000000 ____D () C:\Users\John\Warcraft III 1.21b ROC Installer enUS
2014-07-13 01:40 - 2014-07-13 01:40 - 02693589 _____ (Blizzard Entertainment) C:\Users\John\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe
2014-07-10 01:55 - 2014-07-10 01:55 - 00000000 ____D () C:\Users\John\AppData\Roaming\Yacht Club Games
2014-07-09 17:03 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 17:03 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 17:03 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 17:03 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 17:03 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 17:03 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 17:03 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 17:03 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 17:03 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 17:03 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 17:03 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 17:03 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 17:03 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 17:03 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 17:03 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 17:03 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 17:03 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 17:03 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 17:03 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 17:03 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 17:03 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 17:03 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 17:03 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 17:03 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 17:03 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 17:03 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 17:03 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 17:03 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 17:03 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 17:03 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 17:03 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 17:03 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 17:03 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 17:03 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 17:03 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 17:02 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 17:02 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 17:02 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 17:02 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 17:02 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 17:02 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 17:02 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 17:02 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 17:02 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 17:02 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 17:02 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 17:02 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 17:02 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 17:02 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 17:02 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 17:02 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 17:02 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 17:02 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 17:02 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 17:02 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 17:02 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 17:02 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 17:02 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 17:02 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 17:02 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 17:02 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 17:02 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 17:02 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 17:02 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 17:02 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 16:54 - 2014-07-09 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-09 16:52 - 2014-07-09 16:54 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-09 16:52 - 2014-07-09 16:54 - 00000000 ____D () C:\Program Files\iTunes
2014-07-09 16:52 - 2014-07-09 16:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-09 16:52 - 2014-07-09 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-07-08 00:34 - 2014-07-08 00:38 - 00000000 ____D () C:\Users\John\Downloads\zsnesw151
2014-07-08 00:34 - 2014-07-08 00:34 - 00867785 _____ () C:\Users\John\Downloads\zsnesw151.zip
2014-07-08 00:33 - 2014-07-08 00:33 - 00923454 _____ () C:\Users\John\Downloads\Megaman X.zip
2014-07-08 00:33 - 2014-07-08 00:33 - 00000000 ____D () C:\Users\John\Downloads\Megaman X
2014-07-06 11:56 - 2014-07-06 11:56 - 01455528 _____ () C:\Users\John\Downloads\SystemCheck_enUS.exe
2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck
2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Users\John\AppData\Local\twitter
2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Twitter
2014-07-02 22:26 - 2014-07-02 22:26 - 29261824 _____ () C:\Users\John\Downloads\TweetDeck.msi
2014-06-26 20:40 - 2014-07-01 01:46 - 00000000 ____D () C:\Users\John\Desktop\Backup
2014-06-26 20:40 - 2014-06-26 20:40 - 00001864 _____ () C:\Users\John\Desktop\437 - Shortcut.lnk
2014-06-26 17:39 - 2014-07-04 14:42 - 00000000 ____D () C:\Users\John\Documents\Assassin's Creed IV Black Flag
2014-06-26 13:52 - 2014-06-26 13:52 - 00000222 _____ () C:\Users\John\Desktop\Assassin's Creed IV Black Flag.url
2014-06-25 20:56 - 2014-07-15 12:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 20:55 - 2014-06-25 20:55 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-25 20:55 - 2014-06-25 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 20:55 - 2014-06-25 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 20:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-25 20:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-23 19:03 - 2014-06-23 19:03 - 00850340 _____ () C:\Users\John\Downloads\OCD pack 1.7.2.zip
2014-06-23 11:48 - 2014-06-23 11:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\Maxthon3
2014-06-23 11:47 - 2014-06-23 11:47 - 01505096 _____ (Maxthon International ltd.) C:\Users\John\Downloads\mxsetup.exe
2014-06-21 19:32 - 2014-06-21 19:32 - 00000000 ____D () C:\Users\John\Documents\TecmoKoei
2014-06-21 02:54 - 2014-06-21 02:54 - 00000000 ____D () C:\Users\John\Desktop\Stuff
2014-06-21 02:50 - 2014-06-21 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
2014-06-21 02:50 - 2014-06-21 02:50 - 00000000 ____D () C:\Program Files (x86)\VTFEdit
2014-06-21 02:49 - 2014-06-21 02:50 - 00852049 _____ (Neil Jedrzejewski & Ryan Gregg ) C:\Users\John\Downloads\vtfedit125-11.exe
2014-06-18 21:00 - 2014-06-18 21:00 - 00000000 ____D () C:\Users\John\Downloads\Tinted Glass 1.0
2014-06-18 20:58 - 2014-06-18 20:59 - 64343718 _____ () C:\Users\John\Downloads\Tinted Glass 1.0.zip
 
==================== One Month Modified Files and Folders =======
 
2014-07-15 13:21 - 2014-07-15 13:21 - 00014950 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-15 13:21 - 2014-07-15 13:21 - 00000000 ____D () C:\FRST
2014-07-15 13:19 - 2014-07-15 13:19 - 00000628 _____ () C:\Users\John\Desktop\JRT.txt
2014-07-15 13:11 - 2014-07-15 13:11 - 00001648 _____ () C:\Users\John\Desktop\AdwCleaner[s1].txt
2014-07-15 13:11 - 2014-02-12 22:14 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2014-07-15 13:10 - 2014-07-15 13:10 - 00001384 _____ () C:\Users\John\Desktop\MBAM.txt
2014-07-15 13:09 - 2014-02-12 19:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 13:09 - 2009-07-14 00:51 - 00296596 _____ () C:\Windows\setupact.log
2014-07-15 12:59 - 2014-02-12 20:10 - 00000012 ____H () C:\dvmexp.idx
2014-07-15 12:59 - 2009-07-14 00:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 12:59 - 2009-07-14 00:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 12:56 - 2014-02-12 22:26 - 01416301 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 12:55 - 2014-07-15 12:55 - 02086912 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-07-15 12:55 - 2014-07-15 12:55 - 01016261 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2014-07-15 12:54 - 2014-06-25 20:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 12:53 - 2014-02-12 22:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\Raptr
2014-07-15 12:52 - 2014-02-12 19:47 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment
2014-07-15 12:50 - 2014-02-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-15 12:50 - 2014-02-12 19:47 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 12:49 - 2014-02-12 21:45 - 00043044 _____ () C:\Windows\PFRO.log
2014-07-15 12:49 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 12:48 - 2014-03-23 20:33 - 00000000 ____D () C:\AdwCleaner
2014-07-15 12:47 - 2014-02-12 22:09 - 00000000 ____D () C:\Users\John\AppData\Local\Battle.net
2014-07-15 12:45 - 2014-07-15 12:45 - 01348263 _____ () C:\Users\John\Desktop\AdwCleaner.exe
2014-07-15 12:38 - 2014-04-12 12:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-15 03:58 - 2014-07-15 03:58 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieUserList
2014-07-15 03:58 - 2014-07-15 03:58 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieSiteList
2014-07-15 03:58 - 2014-02-12 23:08 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-07-15 03:48 - 2014-07-15 03:48 - 00890744 _____ (AMD) C:\Users\John\Downloads\amddriverdownloader.exe
2014-07-15 03:47 - 2014-07-15 03:46 - 104304693 _____ () C:\Users\John\Downloads\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip
2014-07-15 03:16 - 2014-02-14 19:14 - 00000000 ____D () C:\Users\John\Documents\My Games
2014-07-15 03:15 - 2014-02-13 00:18 - 00321612 _____ () C:\Windows\DirectX.log
2014-07-15 01:18 - 2014-03-31 21:28 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-15 01:15 - 2014-07-15 01:15 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-15 01:15 - 2014-07-15 01:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-15 01:15 - 2014-07-15 01:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-15 01:15 - 2014-07-15 01:15 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-15 01:15 - 2014-07-15 01:15 - 00000000 ____D () C:\Program Files\Java
2014-07-15 01:14 - 2014-07-15 01:13 - 30984104 _____ (Oracle Corporation) C:\Users\John\Downloads\jre-7u60-windows-x64.exe
2014-07-15 01:09 - 2014-03-31 21:28 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-07-14 23:27 - 2014-02-12 22:31 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-07-14 23:27 - 2014-02-12 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-07-14 23:23 - 2014-05-26 09:05 - 00106748 _____ () C:\Windows\DPINST.LOG
2014-07-14 23:15 - 2014-07-14 23:15 - 00275624 _____ () C:\Windows\Minidump\071414-23790-01.dmp
2014-07-14 23:15 - 2014-02-13 09:07 - 665376046 _____ () C:\Windows\MEMORY.DMP
2014-07-14 23:15 - 2014-02-13 09:07 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 01:19 - 2014-07-14 01:19 - 00275624 _____ () C:\Windows\Minidump\071414-26863-01.dmp
2014-07-13 02:00 - 2014-07-13 01:59 - 00001098 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2014-07-13 02:00 - 2014-07-13 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-07-13 02:00 - 2014-07-13 01:57 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-07-13 01:58 - 2014-07-13 01:41 - 00000000 ____D () C:\Users\John\Warcraft III 1.21b TFT Installer enUS
2014-07-13 01:57 - 2014-07-13 01:57 - 00001053 _____ () C:\Users\Public\Desktop\Warcraft III.lnk
2014-07-13 01:55 - 2014-07-13 01:40 - 00000000 ____D () C:\Users\John\Warcraft III 1.21b ROC Installer enUS
2014-07-13 01:41 - 2014-07-13 01:41 - 02687056 _____ (Blizzard Entertainment) C:\Users\John\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe
2014-07-13 01:41 - 2014-02-12 22:26 - 00000000 ____D () C:\Users\John
2014-07-13 01:40 - 2014-07-13 01:40 - 02693589 _____ (Blizzard Entertainment) C:\Users\John\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe
2014-07-12 19:56 - 2014-02-12 22:26 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-12 12:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 10:01 - 2009-07-14 00:45 - 00301016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 09:59 - 2009-07-14 03:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 02:27 - 2014-02-12 21:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 02:25 - 2014-02-12 21:37 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 01:55 - 2014-07-10 01:55 - 00000000 ____D () C:\Users\John\AppData\Roaming\Yacht Club Games
2014-07-09 16:54 - 2014-07-09 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-09 16:54 - 2014-07-09 16:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-09 16:54 - 2014-07-09 16:52 - 00000000 ____D () C:\Program Files\iTunes
2014-07-09 16:54 - 2014-07-09 16:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-09 16:52 - 2014-07-09 16:52 - 00000000 ____D () C:\Program Files\iPod
2014-07-09 16:43 - 2014-02-12 22:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-08 16:38 - 2014-04-12 12:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 16:38 - 2014-03-27 00:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:38 - 2014-03-27 00:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 00:38 - 2014-07-08 00:34 - 00000000 ____D () C:\Users\John\Downloads\zsnesw151
2014-07-08 00:34 - 2014-07-08 00:34 - 00867785 _____ () C:\Users\John\Downloads\zsnesw151.zip
2014-07-08 00:33 - 2014-07-08 00:33 - 00923454 _____ () C:\Users\John\Downloads\Megaman X.zip
2014-07-08 00:33 - 2014-07-08 00:33 - 00000000 ____D () C:\Users\John\Downloads\Megaman X
2014-07-06 11:56 - 2014-07-06 11:56 - 01455528 _____ () C:\Users\John\Downloads\SystemCheck_enUS.exe
2014-07-04 14:42 - 2014-06-26 17:39 - 00000000 ____D () C:\Users\John\Documents\Assassin's Creed IV Black Flag
2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck
2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Users\John\AppData\Local\twitter
2014-07-02 22:27 - 2014-07-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Twitter
2014-07-02 22:26 - 2014-07-02 22:26 - 29261824 _____ () C:\Users\John\Downloads\TweetDeck.msi
2014-07-01 13:10 - 2014-03-15 23:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-01 01:46 - 2014-06-26 20:40 - 00000000 ____D () C:\Users\John\Desktop\Backup
2014-06-26 20:40 - 2014-06-26 20:40 - 00001864 _____ () C:\Users\John\Desktop\437 - Shortcut.lnk
2014-06-26 20:11 - 2014-05-06 19:51 - 00000000 ____D () C:\Users\John\AppData\Local\Ubisoft Game Launcher
2014-06-26 13:52 - 2014-06-26 13:52 - 00000222 _____ () C:\Users\John\Desktop\Assassin's Creed IV Black Flag.url
2014-06-26 10:55 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2014-06-25 20:55 - 2014-06-25 20:55 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-25 20:55 - 2014-06-25 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 20:55 - 2014-06-25 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 20:55 - 2014-03-23 20:19 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-06-25 20:55 - 2014-03-23 20:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 20:55 - 2014-03-23 20:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 13:06 - 2014-02-12 22:57 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-23 19:03 - 2014-06-23 19:03 - 00850340 _____ () C:\Users\John\Downloads\OCD pack 1.7.2.zip
2014-06-23 11:48 - 2014-06-23 11:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\Maxthon3
2014-06-23 11:47 - 2014-06-23 11:47 - 01505096 _____ (Maxthon International ltd.) C:\Users\John\Downloads\mxsetup.exe
2014-06-22 16:26 - 2014-03-30 10:16 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-06-21 20:01 - 2014-04-20 22:43 - 00000000 ____D () C:\Users\John\Downloads\Xpadder
2014-06-21 19:32 - 2014-06-21 19:32 - 00000000 ____D () C:\Users\John\Documents\TecmoKoei
2014-06-21 02:54 - 2014-06-21 02:54 - 00000000 ____D () C:\Users\John\Desktop\Stuff
2014-06-21 02:51 - 2014-02-12 22:26 - 00000000 ____D () C:\Users\John\AppData\Local\VirtualStore
2014-06-21 02:50 - 2014-06-21 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
2014-06-21 02:50 - 2014-06-21 02:50 - 00000000 ____D () C:\Program Files (x86)\VTFEdit
2014-06-21 02:50 - 2014-06-21 02:49 - 00852049 _____ (Neil Jedrzejewski & Ryan Gregg ) C:\Users\John\Downloads\vtfedit125-11.exe
2014-06-21 02:04 - 2014-02-12 19:47 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 02:04 - 2014-02-12 19:47 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:14 - 2014-07-09 17:03 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 17:03 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-09 17:02 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 17:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 17:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 21:00 - 2014-06-18 21:00 - 00000000 ____D () C:\Users\John\Downloads\Tinted Glass 1.0
2014-06-18 20:59 - 2014-06-18 20:58 - 64343718 _____ () C:\Users\John\Downloads\Tinted Glass 1.0.zip
2014-06-18 20:48 - 2014-07-09 17:02 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 17:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 17:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 17:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:41 - 2014-07-09 17:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:32 - 2014-07-09 17:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 17:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 17:02 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:24 - 2014-07-09 17:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:23 - 2014-07-09 17:02 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 17:03 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 17:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 17:03 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 17:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 17:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 17:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 17:02 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 17:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 17:02 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 17:03 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 17:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 17:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 17:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 17:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 17:03 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 17:03 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 17:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 17:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 17:02 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 17:02 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 17:03 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 17:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 17:03 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 17:03 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 17:03 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 17:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 17:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 17:03 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:58 - 2014-07-09 17:02 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:52 - 2014-07-09 17:02 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 17:02 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 17:03 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 17:02 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 17:03 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 17:03 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 17:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 17:02 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 17:02 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 17:03 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 17:02 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-09 17:03 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-09 17:03 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 17:03 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
Files to move or delete:
====================
C:\Users\John\jagex_cl_oldschool_LIVE.dat
C:\Users\John\random.dat
 
 
Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-08 12:36
 
==================== End Of Log ============================

Addition.txt

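The FRST listing above is raw material for triage, not a verdict; the same fields (created, modified, size, attributes, company string, path) can be scanned for the things a helper looks at first. As an added example that is not part of the original thread and not FRST's own code, the following Python parses lines in the FRST "One Month Created/Modified Files" format and flags executables in a Temp directory, executables in user-writable paths with no company string, and files under \Windows with no company string. The sample lines are constructed to match the format above (two mirror entries from this log), the flagging rules are illustrative assumptions, and the company string comes from the file's version resource, which anything can set, so a hit is a reason to look, not proof of malice.

```python
import re
from dataclasses import dataclass

# One FRST file line: "created - modified - size attrs (company) path".
# attrs is five characters, e.g. "_____", "____D" (directory), "____H" (hidden), "__SHD".
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>.*?)\) (?P<path>.+)$"
)

# Illustrative rule inputs (assumptions for this example, not FRST's own logic).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
USER_WRITABLE = ("\\users\\", "\\programdata\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str   # taken from the PE version resource; empty when FRST prints "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst(text: str) -> list:
    """Parse FRST file lines; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append(Entry(d["created"], d["modified"], int(d["size"]),
                                 d["attrs"], d["company"].strip(), d["path"]))
    return entries


def triage(entries) -> dict:
    """Map path -> reasons for files worth a closer look (illustrative rules only)."""
    hits = {}
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if not low.endswith(EXEC_EXT):
            continue
        reasons = []
        if any(t in low for t in TEMP_DIRS):
            reasons.append("executable in a Temp directory")
        elif not e.company and any(u in low for u in USER_WRITABLE):
            reasons.append("executable in a user-writable path with no company string")
        if "\\windows\\" in low and not e.company:
            reasons.append("file under \\Windows with no company string")
        if reasons:
            hits[e.path] = reasons
    return hits


# Constructed sample in the FRST format (two lines mirror entries from the log above).
SAMPLE = r"""
2014-07-09 17:02 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 16:52 - 2014-07-09 16:54 - 00000000 ____D () C:\Program Files\iTunes
2014-07-06 11:56 - 2014-07-06 11:56 - 01455528 _____ () C:\Users\John\Downloads\SystemCheck_enUS.exe
2014-06-21 02:49 - 2014-06-21 02:50 - 00852049 _____ (Neil Jedrzejewski & Ryan Gregg ) C:\Users\John\Downloads\vtfedit125-11.exe
2014-07-15 12:59 - 2009-07-14 00:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 01:10 - 2014-07-15 01:10 - 00045056 _____ () C:\Users\John\AppData\Local\Temp\Quarantine.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_frst(SAMPLE)).items():
        print(path, "->", "; ".join(reasons))
```

Run against a real FRST.txt by reading the file into `parse_frst`; the hidden system32 entry and the signed Microsoft binary fall through, and only the Downloads executable with no company string and the file in Temp come out, which is the same pair the helper's fixlist later moves.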

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Run AdwCleaner again as follows...

 

 

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

 

Let me see those logs... Also let me know if there are any remaining issues or concerns...

 

Kevin

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014
Ran by John at 2014-07-15 16:40:50 Run:1
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\...\MountPoints2: {7c1a8b65-9455-11e3-a497-806e6f6e6963} - D:\Bin\assetup.exe
Hosts: Hosts file not detected in the default directory
C:\Users\John\jagex_cl_oldschool_LIVE.dat
C:\Users\John\random.dat
C:\Users\John\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
End
*****************
 
'HKU\S-1-5-21-2551759079-2592656266-3710109343-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c1a8b65-9455-11e3-a497-806e6f6e6963}' => Key deleted successfully.
'HKCR\CLSID\{7c1a8b65-9455-11e3-a497-806e6f6e6963}'=> Key not found.
Hosts was reset successfully.
C:\Users\John\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\John\random.dat => Moved successfully.
C:\Users\John\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====




and AdwCleaner




# AdwCleaner v3.215 - Report created 15/07/2014 at 16:43:06
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Deleted [search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=naruto&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [942 octets] - [23/03/2014 20:33:41]
AdwCleaner[R1].txt - [1117 octets] - [15/07/2014 12:46:33]
AdwCleaner[R2].txt - [1235 octets] - [15/07/2014 16:42:10]
AdwCleaner[s0].txt - [1008 octets] - [23/03/2014 20:35:58]
AdwCleaner[s1].txt - [1648 octets] - [15/07/2014 12:48:14]
AdwCleaner[s2].txt - [1626 octets] - [15/07/2014 16:43:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1686 octets] ##########
 


I think AdwCleaner deleted the Conduit search homepage before; I also know Conduit is a browser hijacker. Is that most likely the source of the problem?


I asked you to re-run AdwCleaner for that very reason: I saw it was removed from Chrome but had returned according to the FRST log. The only problem is that FRST does not fix Chrome, hence I asked for another AdwCleaner run.

 

Can you open Chrome, does the homepage still default to Conduit?

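The point Kevin makes here is that the hijack lives in Chrome's own profile data, the `Preferences` JSON file that AdwCleaner edits, not in the registry that FRST fixes. As an added example that is not part of the original thread and not AdwCleaner's code, the following Python audits a Chrome `Preferences` document for a homepage, startup pages or default search provider pointing at the hosts seen in the AdwCleaner log, and returns a cleaned copy. The key names used (`homepage`, `homepage_is_newtabpage`, `session.startup_urls`, `default_search_provider_data.template_url_data.url`) are those of current Chrome builds and are an assumption to check against the Chrome version you are looking at; the blocklist and the sample profile fragment are constructed for the example.

```python
import json
from urllib.parse import urlsplit

# Constructed blocklist for this example, taken from the hosts in the AdwCleaner log above.
HIJACK_DOMAINS = {"conduit.com", "ask.com", "softonic.com"}


def host_of(url: str) -> str:
    """Hostname of a URL, lower-cased; empty string if the URL does not parse."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def is_hijack_host(host: str) -> bool:
    """Match the domain itself or any subdomain; 'notconduit.com' must not match."""
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def _get(prefs: dict, dotted: str):
    """Walk a dotted key path such as 'session.startup_urls'; None if absent."""
    node = prefs
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def audit_prefs(prefs: dict) -> list:
    """Return (setting, url) pairs for settings that point at a hijack host."""
    findings = []
    hp = _get(prefs, "homepage")
    if isinstance(hp, str) and is_hijack_host(host_of(hp)):
        findings.append(("homepage", hp))
    for u in _get(prefs, "session.startup_urls") or []:
        if isinstance(u, str) and is_hijack_host(host_of(u)):
            findings.append(("session.startup_urls", u))
    dsp = _get(prefs, "default_search_provider_data.template_url_data.url")
    if isinstance(dsp, str) and is_hijack_host(host_of(dsp)):
        findings.append(("default_search_provider", dsp))
    return findings


def clean_prefs(prefs: dict) -> dict:
    """Copy of prefs with hijacked settings removed so Chrome falls back to its defaults."""
    out = json.loads(json.dumps(prefs))          # deep copy; the input is left untouched
    for setting, _ in audit_prefs(out):
        if setting == "homepage":
            out.pop("homepage", None)
            out["homepage_is_newtabpage"] = True   # "use the New Tab page as homepage"
        elif setting == "session.startup_urls":
            out["session"]["startup_urls"] = [
                u for u in out["session"]["startup_urls"] if not is_hijack_host(host_of(u))
            ]
        elif setting == "default_search_provider":
            out.pop("default_search_provider_data", None)
    return out


def audit_file(path: str) -> list:
    """Audit a real Preferences file (Chrome must be closed so it is not rewritten underneath)."""
    with open(path, encoding="utf-8") as f:
        return audit_prefs(json.load(f))


# Constructed profile fragment modelled on the hijack in the AdwCleaner log above.
SAMPLE_PREFS = {
    "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&SearchSource=55",
    "homepage_is_newtabpage": False,
    # restore_on_startup 4 = "open a specific page or set of pages"
    "session": {"restore_on_startup": 4,
                "startup_urls": ["http://search.conduit.com/?ctid=CT3321848",
                                 "https://www.example.org/"]},
    "default_search_provider_data": {"template_url_data": {
        "keyword": "ask.com", "url": "http://www.ask.com/web?q={searchTerms}"}},
}

if __name__ == "__main__":
    for setting, url in audit_prefs(SAMPLE_PREFS):
        print(f"{setting}: {url}")
    print(json.dumps(clean_prefs(SAMPLE_PREFS), indent=2))
```

Two caveats a practitioner would want. Newer Chrome builds keep a hash of these tracked settings (on Windows in the profile's `Secure Preferences`) and may discard an out-of-band edit at next start, so when in doubt reset through Chrome's own settings page or a tool that handles this. And a setting that keeps coming back, as in this thread, usually means something is re-applying it: Chrome Sync pushing a synced profile, or an installed extension that overrides the homepage or search provider. Matching on the hijack hosts and the Conduit `ctid=` value is also more precise than a bare substring search for the word "conduit", which will pick up unrelated product names.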

I ran AdwCleaner again and it removed the same registry key and Chrome settings as before.
 

# AdwCleaner v3.215 - Report created 15/07/2014 at 17:14:16
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Deleted [search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=naruto&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [942 octets] - [23/03/2014 20:33:41]
AdwCleaner[R1].txt - [1117 octets] - [15/07/2014 12:46:33]
AdwCleaner[R2].txt - [1235 octets] - [15/07/2014 16:42:10]
AdwCleaner[R3].txt - [1356 octets] - [15/07/2014 17:13:33]
AdwCleaner[s0].txt - [1008 octets] - [23/03/2014 20:35:58]
AdwCleaner[s1].txt - [1648 octets] - [15/07/2014 12:48:14]
AdwCleaner[s2].txt - [1766 octets] - [15/07/2014 16:43:06]
AdwCleaner[s3].txt - [1746 octets] - [15/07/2014 17:14:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1806 octets] ##########

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 
 :regfind
 conduit
 *conduit*
 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Okay, here is the log
 

SystemLook 30.07.11 by jpshortstuff
Log created at 17:54 on 15/07/2014 by John
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"2D6317878F0F5264AAF3277D97A58C24"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
 
Searching for "*conduit*"
No data found.
 
-= EOF =-

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users, accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Make sure to start with and include the colon before Reg (:Reg)

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
    "2D6317878F0F5264AAF3277D97A58C24"=-
    :Files
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

Open Malwarebytes 2.0, run a Threat Scan

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

Post log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Let me see those logs, also let me know if any remaining issues or concerns...

Kevin


A weird thing I noticed after I ran Malwarebytes is that every time it has found the PUP.Conduit the default action is for it to be ignored once. Is that normal?

 

 

All processes killed

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 not found.

========== FILES ==========

LoadLibrary failed for C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John\Desktop\cmd.bat deleted successfully.
C:\Users\John\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 3019376 bytes
->Temporary Internet Files folder emptied: 310839788 bytes
->Java cache emptied: 3736720 bytes
->Google Chrome cache emptied: 361043444 bytes
->Flash cache emptied: 84364 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53440979 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43282603 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 740.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 07152014_181753

Files moved on Reboot...
C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File C:\Windows\temp\hsperfdata_JOHN-PC$\1968 not found!

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/15/2014
Scan Time: 18:24:15
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.15.14
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 278369
Time Elapsed: 12 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=",), No Action By User,[22b8a2fdc6b536009f61ca08956f9070]

Physical Sectors: 0
(No malicious items detected)

(end)


You will have to take action against that entry. The reason the default is "ignore" is the settings; they will have to be changed:

Open up Malwarebytes > Settings > Detection and Protection > Under Non Malware Protection set both PUP and PUM to Treat detections as malware

Run the MALWAREBYTES threat scan again and take action against any found entries, post the new log

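The setting Kevin describes shows up in two places in the log: the "PUP: Warn" / "PUP: Enabled" line in the header, and the action word at the end of each detection line ("No Action By User" versus "Replaced"). As an added example that is not part of this thread and is not Malwarebytes code, the following Python script parses the Malwarebytes 2.x log layout seen above, pulls out those two fields, lists detections the scan did not act on, and flags any item that comes back with a fresh detection id in a later scan. The set of action words treated as "resolved" is an assumption, and the two sample excerpts are constructed for the example (headers trimmed, the conduit URL shortened), modelled on the logs posted in this thread.

```python
"""Triage Malwarebytes Anti-Malware 2.x scan logs: extract the PUP/PUM
settings and the detection lines, list what the scan did not clean, and
spot detections that keep coming back across scans.

Added example for the thread above; it is not Malwarebytes code. The
detection-line layout is taken from the logs posted in this thread; which
action words count as "resolved" is an assumption.
"""
import re

# One detection line, as Malwarebytes 2.0 writes it:
#   <threat>, <path>, Good: (<good>), Bad: (<bad>), <action>,[<32 hex id>]
# The Bad field can itself contain commas, so it is matched greedily and the
# ", <action>,[id]" tail anchors the end of the line.
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<path>.+?), Good: \((?P<good>.*?)\), "
    r"Bad: \((?P<bad>.*)\), (?P<action>[^,\[]+),\[(?P<id>[0-9a-f]{32})\]$"
)
SETTING_RE = re.compile(r"^(?P<name>PUP|PUM): (?P<value>\w+)$")

# Assumption: an action in this set means Malwarebytes already dealt with it.
RESOLVED_ACTIONS = {"Replaced", "Quarantined", "Deleted", "Delete on reboot"}

# Constructed excerpts modelled on the thread's logs (headers trimmed, the
# conduit URL shortened): a scan with PUP set to Warn, then one after the
# setting was changed.
SAMPLE_LOG_1 = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Type: Threat Scan
PUP: Warn
PUM: Enabled

Files: 1
PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&SSPV=",), No Action By User,[22b8a2fdc6b536009f61ca08956f9070]

(end)
"""

SAMPLE_LOG_2 = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Type: Threat Scan
PUP: Enabled
PUM: Enabled

Files: 1
PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&SSPV=",), Replaced,[fbe0b9e67902c5715bcab61c1ce829d7]

(end)
"""


def parse_log(text):
    """Return {"settings": {name: value}, "detections": [dict, ...]}."""
    settings, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = SETTING_RE.match(line)
        if m:
            settings[m["name"]] = m["value"]
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return {"settings": settings, "detections": detections}


def unresolved(report):
    """Detections the scan logged but did not clean."""
    return [d for d in report["detections"] if d["action"] not in RESOLVED_ACTIONS]


def recurring(reports):
    """(threat, path) pairs carrying more than one detection id across the
    given reports: the same item being found again after it was 'cleaned'."""
    ids_by_item = {}
    for report in reports:
        for d in report["detections"]:
            ids_by_item.setdefault((d["threat"], d["path"]), set()).add(d["id"])
    return sorted(item for item, ids in ids_by_item.items() if len(ids) > 1)


def triage(report):
    """Findings in the order a helper would act on them."""
    notes = []
    if report["settings"].get("PUP") == "Warn":
        notes.append("PUP is set to Warn, so PUP hits default to ignore; "
                     "set Non-Malware Protection to treat detections as malware.")
    for d in unresolved(report):
        notes.append(f"unresolved: {d['threat']} in {d['path']} ({d['action']})")
    return notes


if __name__ == "__main__":
    first, second = parse_log(SAMPLE_LOG_1), parse_log(SAMPLE_LOG_2)
    for note in triage(first) + triage(second):
        print(note)
    for threat, path in recurring([first, second]):
        print(f"recurring: {threat} in {path}")
```

The detection id in square brackets is different for every hit, so `recurring` keys on threat plus path and counts distinct ids; two ids for one path means the item was reported by more than one scan, which is the pattern to watch for after a "Replaced" action.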

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/15/2014
Scan Time: 18:59:12
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.15.15
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 278499
Time Elapsed: 13 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=",), Replaced,[fbe0b9e67902c5715bcab61c1ce829d7]

Physical Sectors: 0
(No malicious items detected)

(end)


It says it is still there :/
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/15/2014
Scan Time: 19:17:40
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.15.15
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 278602
Time Elapsed: 15 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=",), Replaced,[15c6a4fb651692a4b17418ba4fb56b95]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
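Three scans in a row report the same Conduit homepage inside Chrome's Preferences file, the last two as "Replaced". That file is plain JSON, so the hijack can be checked and cleaned directly. As an added example that is not part of this thread and is not Malwarebytes or Zoek code, the following Python script loads a Preferences file, lists every URL whose host is on a blocklist, whatever key it sits under, and strips those values. The only Chrome key it relies on being real is the top-level "homepage" string Malwarebytes flagged; "homepage_is_newtabpage" and "session.startup_urls" are assumptions about where else such URLs land, the blocklist is illustrative, and the sample profile is constructed around the URL from the log.

```python
"""Find and strip browser-hijacker URLs in a Chrome 'Preferences' file.

Added example for the thread above; it is not Malwarebytes or Zoek code.
The only Chrome preference it relies on being real is the top-level
"homepage" string that Malwarebytes flagged. "homepage_is_newtabpage"
and "session.startup_urls" are assumed to be the other usual landing
spots for a hijacker URL, and the domain blocklist is illustrative.
"""
import json
import sys
from urllib.parse import urlsplit

# Assumption: domains behind Conduit-style search/homepage hijacks.
HIJACK_DOMAINS = ("conduit.com",)

# Constructed sample profile. The homepage value is the one reported as
# PUP.Optional.Conduit.A in the thread; the rest is made up for the demo.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID"
                "&ISID=MCD47B2B6-D23B-44E8-93C9-BA8470BBB53C&SearchSource=55&CUI=&UM=5"
                "&UP=SP24BDF7A1-F188-4BA8-9396-60D470C31209&SSPV=",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://search.conduit.com/?ctid=CT3321848",
                         "https://www.example.org/"],
    },
    "browser": {"show_home_button": True},
})


def load_preferences(text):
    """Parse the JSON text of a Preferences file."""
    return json.loads(text)


def host_is_hijacker(url):
    """True if the URL's host is a blocklisted domain or a subdomain of one.
    Matching on the parsed host rather than on the substring 'conduit' avoids
    the kind of false hit seen earlier in the thread (Apple's iSyncConduit.dll)."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return False
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def is_hijack_url(value):
    """Only http(s) string values are candidates; other types are left alone."""
    return (isinstance(value, str)
            and value.startswith(("http://", "https://"))
            and host_is_hijacker(value))


def find_hijacked_urls(prefs, path=""):
    """Walk the parsed JSON and list (json_path, url) for every hijacker URL,
    wherever it sits, so nothing depends on knowing Chrome's key layout."""
    hits = []
    if isinstance(prefs, dict):
        for key, value in prefs.items():
            hits.extend(find_hijacked_urls(value, f"{path}.{key}" if path else key))
    elif isinstance(prefs, list):
        for i, value in enumerate(prefs):
            hits.extend(find_hijacked_urls(value, f"{path}[{i}]"))
    elif is_hijack_url(prefs):
        hits.append((path, prefs))
    return hits


def _strip(obj):
    """Return a copy of obj with every hijacker URL value removed."""
    if isinstance(obj, dict):
        return {k: _strip(v) for k, v in obj.items() if not is_hijack_url(v)}
    if isinstance(obj, list):
        return [_strip(v) for v in obj if not is_hijack_url(v)]
    return obj


def clean_preferences(prefs):
    """Strip hijacker URLs; if the homepage was one, point Chrome back at
    the new-tab page instead of leaving the key dangling."""
    cleaned = _strip(prefs)
    if "homepage" in prefs and "homepage" not in cleaned:
        cleaned["homepage_is_newtabpage"] = True  # assumed Chrome pref name
    return cleaned


if __name__ == "__main__":
    # Usage: python chrome_prefs_check.py [path-to-Preferences]
    # With no argument it runs on the constructed sample. Close Chrome before
    # pointing it at a real profile: Chrome writes this file back on exit.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFERENCES
    prefs = load_preferences(text)
    for json_path, url in find_hijacked_urls(prefs):
        print(f"{json_path}: {url}")
    print(json.dumps(clean_preferences(prefs), indent=2))
```

Run it with Chrome closed. Chrome keeps its preferences in memory and writes them back to disk on exit, so an edit made while the browser is open is undone, which is one ordinary reason a "Replaced" entry keeps reappearing; the Zoek instructions in this thread likewise ask for all browsers to be closed first. Chrome profiles of that vintage also carry a "Secure Preferences" file in the same folder, and it is worth pointing the script at that file too. The script prints the cleaned JSON rather than writing it, so the original profile is only overwritten deliberately.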

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save the zip file to your Desktop.

Double click the zip file and extract to your Desktop:

[screenshot: Zoekd.jpg]

You will now have 3 versions of the tool on the Desktop:

[screenshot: Capture.png]

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Double click on each in turn until one version of Zoek runs (accept UAC). The following window will open:

[screenshot: Zoekb.jpg]

Copy the following script from the code box and paste it into the field.

standardsearch;autoclean;FFdefaults;CHRdefaults;emptyalltemp;emptyfolderscheck;delete

Select the "Run Script" tab. The following window will open:

[screenshot: Zoekc.jpg]

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC; if so, please do.

[screenshot: Zoekf.jpg]

Post the produced log in your next reply…..

Next,

When Zoek completes ensure to re-boot, then run MB once again and post that log too....


According to MB it isn't there now.

 
Zoek.exe v5.0.0.0 Updated 15-07-2014
Tool run by John on Tue 07/15/2014 at 19:49:11.56.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\John\Desktop\zoek.com [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
7/15/2014 19:49:58 Zoek.exe System Restore Point Created Succesfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~3\ASUS OC Profiles deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\John\AppData\Roaming\Malwarebytes deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\Package Cache deleted
C:\Users\John\Searches deleted
 
==== System Specs ======================
 
Windows: Windows XP Professional Service Pack 2 (Build 2600)
Memory (RAM): 6144 MB
CPU Info: AMD Phenom 9850 Quad-Core Processor
CPU Speed: 2508.4 MHz
Sound Card: Speakers (VIA High Definition A | 
SPDIF Interface (TX1) (VIA High | 
SPDIF Interface (TX0) (VIA High | 
Digital Audio (S/PDIF) (2- High | 
Display Adapters: AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | 
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: No optical drives found.
Ports: COM1 LPT1
Mouse: 7 Button Wheel Mouse Present
Hard Disks: C:  1397.2GB
Hard Disks - Free: C:  752.0GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 04/14/10 | ACRSYS - 20100414
Time Zone: Eastern Standard Time
Motherboard *: ASUSTeK Computer INC. M4A785-M
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 35.0.1916.153
Internet Explorer Version: 11.0.9600.17207 
Google Chrome version: 35.0.1916.153
Adobe Reader version: 9.1.0.2009022700
Sun Java version: 1.7.0_60 (64-bit) 
Flash Player version: 14.0.0.145
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\John\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-07-09 21:03:17 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-09 21:03:11 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2014-07-09 21:03:06 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 21:03:06 67EA1BB7F6428A10C64D5A732976F871 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 21:03:06 448854C4FE94C0FA329CC38FF103DC74 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 21:03:05 BE0EA764820239F7785410CBE3880086 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 21:03:05 9385D7C5DF2566D01B1FB150F381D50B 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 21:03:05 91CF46BBB827E461C498A1D7D1A71AD6 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-07-09 21:03:05 7C44C697BA6D0B698B91AC6516A731C3 1139200 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-07-09 21:03:04 E739AEDCA67F214F96C2520BA293B12B 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 21:03:04 DFA59840BB1220AFD261FDAE83543959 17276416 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-07-09 21:03:03 CE94480E78CC3A1A17B53F2BB65639BD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-07-09 21:03:03 4B774E842F268D51DB942EF9637828B9 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 21:03:03 42BF66A4DC35DAD3564065173372CCE9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 21:03:02 A9F8343A3234FC7A42DDA4569827B411 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 21:03:02 084FB28A790685F32A6D7D003777696D 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-07-09 21:03:01 F2A99A4293CAF7956FF7801D36D5A3B2 442368 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-07-09 21:03:01 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 21:03:01 573E522A27210701EB8A6C476D36FFF6 239616 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 21:03:00 FC733FD7721200D5136F6F8112E97B00 11742208 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-07-09 21:02:58 FDA05E78813F543A6E9AC6B23EC696F2 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 21:02:58 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-07-09 21:02:58 09CBE4B1AEF497FC05493B09EA2C1757 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 21:02:57 CCC198257901BEEA2FBF8EB1E7678356 1791488 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-07-09 21:02:57 8046CF629D8AE766C22145F4A6AFFBE1 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-07-09 21:02:57 557D60DF85D61C290A1D09E7115B294B 62464 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 21:02:57 175A663547805367C10746FC416D4605 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 21:02:57 045A91095A605BB20FF2B37546FE62B0 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-07-09 21:02:33 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-07-09 21:02:33 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-07-15 05:15:57 80DD24235A7E13AFC9E9EBC55ACE1ACF 313256 ----a-w- C:\Windows\Sysnative\javaws.exe
2014-07-15 05:15:54 B139EECAC4B3B43949FA0E2EDB66B905 111016 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll
2014-07-15 05:15:54 75F20BEDF6B95AA316C08D9D3F247692 189352 ----a-w- C:\Windows\Sysnative\java.exe
2014-07-15 05:15:54 22AEEB5D70AFF7C6CB43D16E6F5E2FFF 189352 ----a-w- C:\Windows\Sysnative\javaw.exe
2014-07-09 21:03:18 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-07-09 21:03:16 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe
2014-07-09 21:03:12 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-07-09 21:03:06 FC50DF22550C565DD096ACFAF18A37ED 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-07-09 21:03:06 DA5BAC4C5BDB22BBC6771534EA95AD33 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-07-09 21:03:05 C2F62DF01E3552DB0571FEF4D514675B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-07-09 21:03:05 C0F9F52C36E584C0339406ABF6DA1FBA 266424 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-07-09 21:03:05 5E646AD50848A409291418B5759595B9 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-07-09 21:03:03 73C7D1FCF6F58F3BF077FB42B0214BC0 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-07-09 21:03:02 391D68668CFC061F26BE593A61F745E0 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-07-09 21:03:01 D8E6706AECD7AA50764E126CE3F36555 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-07-09 21:03:01 7176CB0FFAAC3E54ABB2014E821120F9 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-07-09 21:03:01 2E40D5E11BCC597352EE0314AF629A0F 452608 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-07-09 21:03:00 CA67F68CEC788C0C69AD47C5125DDD8E 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-07-09 21:02:59 A21C6231459F4CAC212676A9367A1A68 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-07-09 21:02:59 7469D4E046BD7D155CAC2697BD28B58B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-07-09 21:02:59 1685AA234852657C4A6D253CCBBE84E0 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-07-09 21:02:57 8B2ADE09864BF3F7AA6D395DAFEC41B5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-07-09 21:02:56 854C5F171F5CEE272232AC0286F3B3B9 598016 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-07-09 21:02:56 797E36BAD01FD7C8F0FB92E86A9E01D7 13527040 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-07-09 21:02:56 415DF2B045167D6D85223CFFF00FCFC7 292864 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-07-09 21:02:55 CD76B3D60D28634A67B0AD7CB2E45929 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-07-09 21:02:55 945FA19B388FCF0FEA6124B5FD71C72F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-07-09 21:02:55 50FF2DD806CC6CF3B3F98F9A1A711603 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-07-09 21:02:55 1FD6C2F6AC489C271565730F6E9E1A05 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-07-09 21:02:54 BDD4A74421B023C81DA63168BD10C01B 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-07-09 21:02:54 4EC7738394D2BC7BCB5F7A3657F57252 5721088 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-07-09 21:02:54 2EE102DF0EDD8A1EDD3D1E9B99A91BEC 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-07-09 21:02:54 00401347C3BC466E5F2516387EBBCA7D 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-07-09 21:02:53 F876957CA193B20A21D52F91418657D7 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-07-09 21:02:53 89A53CDE0DA5680AF48A181D82C752CA 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-07-09 21:02:52 FEC19C351EF1B2C998A85D1BFD765675 23464448 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-07-09 21:02:52 52012C83F7E9AF65D13F04415F0508F5 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-07-09 21:02:35 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-07-15 22:23:42 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\48230029.sys
2014-07-09 21:03:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2014-06-26 00:56:05 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-06-26 00:55:43 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-06-26 00:55:43 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
2014-07-15 23:48:58 E3C8B1C8494F59562D76092776A87302 3100 ----a-w- C:\Windows\Sysnative\Tasks\{04049363-B53F-4733-8DB7-044094010B7F}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-07-15 05:15:31 -------- d-----w- C:\Program Files\Java
2014-07-09 20:52:56 -------- d-----w- C:\Program Files\iPod
2014-07-09 20:52:55 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-07-13 05:57:11 -------- d-----w- C:\PROGRA~2\Warcraft III
2014-07-09 20:52:55 -------- d-----w- C:\PROGRA~2\iTunes
2014-07-03 02:27:30 -------- d-----w- C:\PROGRA~2\Twitter
2014-06-21 06:50:20 -------- d-----w- C:\PROGRA~2\VTFEdit
======= C: =====
====== C:\Users\John\AppData\Roaming ======
2014-07-15 07:58:29 -------- d-sh--w- C:\Users\John\AppData\Local\EmieUserList
2014-07-15 07:58:29 -------- d-sh--w- C:\Users\John\AppData\Local\EmieSiteList
2014-07-10 05:55:00 -------- d-----w- C:\Users\John\AppData\Roaming\Yacht Club Games
2014-07-03 02:27:45 -------- d-----w- C:\Users\John\AppData\Local\twitter
2014-07-03 02:27:33 -------- d-----w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck
2014-06-23 15:48:39 -------- d-----w- C:\Users\John\AppData\Roaming\Maxthon3
====== C:\Users\John ======
2014-07-15 22:16:23 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\John\Desktop\OTM.exe
2014-07-15 21:53:38 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\John\Desktop\SystemLook_x64.exe
2014-07-15 16:55:45 32EC56D740D3817B253B3B5C104C6ED8 2086912 ----a-w- C:\Users\John\Desktop\FRST64.exe
2014-07-15 16:55:10 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\John\Desktop\JRT.exe
2014-07-15 16:45:49 DB95B03031E66AC45495EDF1D16B8887 1348263 ----a-w- C:\Users\John\Desktop\AdwCleaner.exe
2014-07-15 07:48:30 E1263309FB4AA7F83E7E67FBEA6A59F4 890744 ----a-w- C:\Users\John\Downloads\amddriverdownloader.exe
2014-07-15 05:13:59 8970C0476E96E4B9ABF074C93307E924 30984104 ----a-w- C:\Users\John\Downloads\jre-7u60-windows-x64.exe
2014-07-13 05:57:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-07-13 05:41:57 1D74B60E80A1939911BABABF27B49349 1172376 ----a-w- C:\Users\John\Warcraft III 1.21b TFT Installer enUS\Installer.exe
2014-07-13 05:41:57 -------- d-----w- C:\Users\John\Warcraft III 1.21b TFT Installer enUS
2014-07-13 05:41:37 33D0CB7A9E784AA523E2A3CC418E945E 2687056 ----a-w- C:\Users\John\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe
2014-07-13 05:40:54 7A74B8D767E43FB0742DD0C145A90101 1172376 ----a-w- C:\Users\John\Warcraft III 1.21b ROC Installer enUS\Installer.exe
2014-07-13 05:40:54 -------- d-----w- C:\Users\John\Warcraft III 1.21b ROC Installer enUS
2014-07-13 05:40:26 9736C50D06A950ABE29BABFF17E8FA87 2693589 ----a-w- C:\Users\John\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe
2014-07-09 20:54:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-09 20:52:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-06 15:56:40 6F8ED99945D5B5406B717BDE754DAE0C 1455528 ----a-w- C:\Users\John\Downloads\SystemCheck_enUS.exe
2014-06-21 06:50:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
 
====== C: exe-files ==
2014-07-15 05:15:41 B5C895A0CE2252C2BE13E4DB60059A67 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe
2014-07-15 05:15:41 50D36E49C4FCF2F0936E55FC64F2C20A 180648 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe
2014-07-15 05:15:40 C8846A5A7613B2B9BFF678182A9B3676 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe
2014-07-15 05:15:40 66567DB2EDB5396F7839687F48CD9D6A 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe
2014-07-15 05:15:40 4E41FB38C3CE8A907F574217061B43DB 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe
2014-07-15 05:15:40 4E40EEF592340030DE0FB62532238FD4 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe
2014-07-15 05:15:40 354A7C881CC32CD63314B0BA7AA8DA24 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe
2014-07-15 05:15:40 0A7264A972A49FDBE00B4431DC2B101E 64424 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe
2014-07-15 05:15:40 0648CE22986703A3618C2F60D2B34EAC 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe
2014-07-15 05:15:39 FEAEFB0DFC2A55F5E3670CFFD97B12E3 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe
2014-07-15 05:15:39 DEB108631ED814878B4D0F8F66BA7D54 67496 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe
2014-07-15 05:15:39 80DD24235A7E13AFC9E9EBC55ACE1ACF 313256 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe
2014-07-15 05:15:39 6FC165F778DC7E3A0C573A555CAD5EE4 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe
2014-07-15 05:15:39 63943EF8CDC05D71AA3EDEFF14A8BA43 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe
2014-07-15 05:15:39 22AEEB5D70AFF7C6CB43D16E6F5E2FFF 189352 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe
2014-07-15 05:15:39 1EE4BEAA034A42AA91DD4ACB71800E97 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe
2014-07-15 05:15:38 B6FE60CC39FC7CB597FBA0EB0A91AA97 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe
2014-07-15 05:15:38 AF463A23D7F45C297BC7F0CF9AAE5C2F 76200 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe
2014-07-15 05:15:38 75F20BEDF6B95AA316C08D9D3F247692 189352 ----a-w- C:\Program Files\Java\jre7\bin\java.exe
2014-07-15 05:15:38 5AD390906C2F6B84B93877E8DC30707E 55720 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe
2014-07-13 05:57:11 D3C14AB1D76CC88E131BA31667326A68 397312 ----a-w- C:\Program Files (x86)\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
2014-07-09 23:51:45 DFAA288E67F98A2FDB9BD3C2F10C1CEA 2478592 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
2014-07-09 23:51:45 C9D9EEBCCEF20D637F193490CEC05E79 10274136 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\vcredist\2010\vcredist_x64.exe
2014-07-09 23:51:45 BF3F290275C21BDD3951955C9C3CF32C 517976 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\DirectX\Jun2010\DXSETUP.exe
2014-07-09 23:51:45 1801436936E64598BAB5B87B37DC7F87 8990552 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\vcredist\2010\vcredist_x86.exe
2014-07-09 21:03:17 20235ED4653CFDDCDEF721F5126A1C47 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-09 21:03:14 89D2706FCD45E33CECFBD46BCBAD7E16 10240 ----a-w- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
2014-07-09 21:03:05 61FF1A9683EDD471797FE0F56057FD09 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-07-09 21:03:05 24868C9D422EDB5B249C0C81B01A0C19 810160 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-07-09 21:03:03 CD900EFB4F8946A2BB1950D9F45915C2 812216 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-07-09 21:03:03 65D0ECD485C8605B07C8338708224818 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-07-09 21:03:03 2168067C03FADB690B77633104A2E64B 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-07-09 21:02:59 8395829B1CE9E11C6441753257DC7591 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-07-09 20:42:49 B3F5836DDD18A9665C188F1C63BF4B35 9786416 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.4826\Battle.net.exe
=== C: other files ==
2014-07-15 23:48:16 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\John\AppData\Local\Temp\scripttest.vbs
2014-07-15 22:23:42 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-07-15 22:22:46 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server3.raptr.com
2014-07-15 21:18:44 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server5.raptr.com
2014-07-15 17:03:11 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server2.raptr.com
2014-07-15 15:27:35 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server6.raptr.com
2014-07-15 07:46:55 E73DEFA22FB39F931679296041C16B5C 104304693 ----a-w- C:\Users\John\Downloads\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip
2014-07-15 05:23:53 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server8.raptr.com
2014-07-15 05:15:41 8C3C73B2287D15AD508BA3B78185EAC3 18619 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip
2014-07-15 03:31:27 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server7.raptr.com
2014-07-14 23:38:05 DEA4703BF33F6F49E78D54B118E8BBCF 14416 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\XEW\Binaries\Win32\XComGame.com
2014-07-14 21:27:58 DEA4703BF33F6F49E78D54B118E8BBCF 14416 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.com
2014-07-14 16:19:49 0E038984F0CC7AD51415E527D569A07B 2189 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\MapEditor\Content\GameObjects\UserCreated\as.xml.zip
2014-07-14 16:19:48 2CEAEB04EEAB5E35294CE20DA0F44120 946 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\MapEditor\Content\GameObjects\UserCreated\sssss.xml.zip
2014-07-12 16:00:40 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server4.raptr.com
2014-07-09 21:03:18 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-07-09 21:03:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-2551759079-2592656266-3710109343-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"
"MxDock"="C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe"
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Turbo Key"="C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"bncsaui.exe"="%ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"
"MxDock"="C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe"
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
 
==== Startup Folders ======================
 
2014-02-13 03:27:20 0 ----a-w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
2014-02-14 19:17:00 967 ----a-w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/08/2014 16:38]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2014 19:47]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2014 19:47]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS RegRun Loader" [C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS SIX Engine" [C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Update Checker" [C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe]
 
==== Chrome Look ======================
 
BTTV - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Google Drive - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
imgur Extension by Metronomik - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao
FrankerFaceZ - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb
Stylish - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
Google Wallet - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Checker Plus for Gmail™ - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj
Audio Converter - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga
Gmail - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Luna Theme - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmhihobegibbfdeogahppfhmbfmbjann
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
 
==== Reset Google Chrome ======================
 
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [MxDock] C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Steam.lnk = C:\Program Files (x86)\Steam\Steam.exe
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=34 folders=37 35489965 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\John\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\John\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
Zoek.exe v5.0.0.0 Updated 15-07-2014
Tool run by John on Tue 07/15/2014 at 19:49:11.56.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\John\Desktop\zoek.com [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
7/15/2014 19:49:58 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~3\ASUS OC Profiles deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\John\AppData\Roaming\Malwarebytes deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\Package Cache deleted
C:\Users\John\Searches deleted
 
==== System Specs ======================
 
Windows: Windows XP Professional Service Pack 2 (Build 2600)
Memory (RAM): 6144 MB
CPU Info: AMD Phenom 9850 Quad-Core Processor
CPU Speed: 2508.4 MHz
Sound Card: Speakers (VIA High Definition A | 
SPDIF Interface (TX1) (VIA High | 
SPDIF Interface (TX0) (VIA High | 
Digital Audio (S/PDIF) (2- High | 
Display Adapters: AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | 
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: No optical drives found.
Ports: COM1 LPT1
Mouse: 7 Button Wheel Mouse Present
Hard Disks: C:  1397.2GB
Hard Disks - Free: C:  752.0GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 04/14/10 | ACRSYS - 20100414
Time Zone: Eastern Standard Time
Motherboard *: ASUSTeK Computer INC. M4A785-M
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 35.0.1916.153
Internet Explorer Version: 11.0.9600.17207 
Google Chrome version: 35.0.1916.153
Adobe Reader version: 9.1.0.2009022700
Sun Java version: 1.7.0_60 (64-bit) 
Flash Player version: 14.0.0.145
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\John\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-07-09 21:03:17 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-09 21:03:11 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2014-07-09 21:03:06 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 21:03:06 67EA1BB7F6428A10C64D5A732976F871 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 21:03:06 448854C4FE94C0FA329CC38FF103DC74 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 21:03:05 BE0EA764820239F7785410CBE3880086 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 21:03:05 9385D7C5DF2566D01B1FB150F381D50B 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 21:03:05 91CF46BBB827E461C498A1D7D1A71AD6 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-07-09 21:03:05 7C44C697BA6D0B698B91AC6516A731C3 1139200 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-07-09 21:03:04 E739AEDCA67F214F96C2520BA293B12B 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 21:03:04 DFA59840BB1220AFD261FDAE83543959 17276416 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-07-09 21:03:03 CE94480E78CC3A1A17B53F2BB65639BD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-07-09 21:03:03 4B774E842F268D51DB942EF9637828B9 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 21:03:03 42BF66A4DC35DAD3564065173372CCE9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 21:03:02 A9F8343A3234FC7A42DDA4569827B411 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 21:03:02 084FB28A790685F32A6D7D003777696D 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-07-09 21:03:01 F2A99A4293CAF7956FF7801D36D5A3B2 442368 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-07-09 21:03:01 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 21:03:01 573E522A27210701EB8A6C476D36FFF6 239616 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 21:03:00 FC733FD7721200D5136F6F8112E97B00 11742208 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-07-09 21:02:58 FDA05E78813F543A6E9AC6B23EC696F2 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 21:02:58 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-07-09 21:02:58 09CBE4B1AEF497FC05493B09EA2C1757 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 21:02:57 CCC198257901BEEA2FBF8EB1E7678356 1791488 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-07-09 21:02:57 8046CF629D8AE766C22145F4A6AFFBE1 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-07-09 21:02:57 557D60DF85D61C290A1D09E7115B294B 62464 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 21:02:57 175A663547805367C10746FC416D4605 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 21:02:57 045A91095A605BB20FF2B37546FE62B0 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-07-09 21:02:33 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-07-09 21:02:33 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-07-15 05:15:57 80DD24235A7E13AFC9E9EBC55ACE1ACF 313256 ----a-w- C:\Windows\Sysnative\javaws.exe
2014-07-15 05:15:54 B139EECAC4B3B43949FA0E2EDB66B905 111016 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll
2014-07-15 05:15:54 75F20BEDF6B95AA316C08D9D3F247692 189352 ----a-w- C:\Windows\Sysnative\java.exe
2014-07-15 05:15:54 22AEEB5D70AFF7C6CB43D16E6F5E2FFF 189352 ----a-w- C:\Windows\Sysnative\javaw.exe
2014-07-09 21:03:18 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-07-09 21:03:16 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe
2014-07-09 21:03:12 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-07-09 21:03:06 FC50DF22550C565DD096ACFAF18A37ED 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-07-09 21:03:06 DA5BAC4C5BDB22BBC6771534EA95AD33 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-07-09 21:03:05 C2F62DF01E3552DB0571FEF4D514675B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-07-09 21:03:05 C0F9F52C36E584C0339406ABF6DA1FBA 266424 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-07-09 21:03:05 5E646AD50848A409291418B5759595B9 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-07-09 21:03:03 73C7D1FCF6F58F3BF077FB42B0214BC0 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-07-09 21:03:02 391D68668CFC061F26BE593A61F745E0 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-07-09 21:03:01 D8E6706AECD7AA50764E126CE3F36555 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-07-09 21:03:01 7176CB0FFAAC3E54ABB2014E821120F9 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-07-09 21:03:01 2E40D5E11BCC597352EE0314AF629A0F 452608 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-07-09 21:03:00 CA67F68CEC788C0C69AD47C5125DDD8E 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-07-09 21:02:59 A21C6231459F4CAC212676A9367A1A68 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-07-09 21:02:59 7469D4E046BD7D155CAC2697BD28B58B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-07-09 21:02:59 1685AA234852657C4A6D253CCBBE84E0 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-07-09 21:02:57 8B2ADE09864BF3F7AA6D395DAFEC41B5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-07-09 21:02:56 854C5F171F5CEE272232AC0286F3B3B9 598016 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-07-09 21:02:56 797E36BAD01FD7C8F0FB92E86A9E01D7 13527040 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-07-09 21:02:56 415DF2B045167D6D85223CFFF00FCFC7 292864 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-07-09 21:02:55 CD76B3D60D28634A67B0AD7CB2E45929 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-07-09 21:02:55 945FA19B388FCF0FEA6124B5FD71C72F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-07-09 21:02:55 50FF2DD806CC6CF3B3F98F9A1A711603 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-07-09 21:02:55 1FD6C2F6AC489C271565730F6E9E1A05 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-07-09 21:02:54 BDD4A74421B023C81DA63168BD10C01B 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-07-09 21:02:54 4EC7738394D2BC7BCB5F7A3657F57252 5721088 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-07-09 21:02:54 2EE102DF0EDD8A1EDD3D1E9B99A91BEC 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-07-09 21:02:54 00401347C3BC466E5F2516387EBBCA7D 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-07-09 21:02:53 F876957CA193B20A21D52F91418657D7 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-07-09 21:02:53 89A53CDE0DA5680AF48A181D82C752CA 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-07-09 21:02:52 FEC19C351EF1B2C998A85D1BFD765675 23464448 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-07-09 21:02:52 52012C83F7E9AF65D13F04415F0508F5 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-07-09 21:02:35 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-07-15 22:23:42 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\48230029.sys
2014-07-09 21:03:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2014-06-26 00:56:05 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-06-26 00:55:43 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-06-26 00:55:43 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
2014-07-15 23:48:58 E3C8B1C8494F59562D76092776A87302 3100 ----a-w- C:\Windows\Sysnative\Tasks\{04049363-B53F-4733-8DB7-044094010B7F}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-07-15 05:15:31 -------- d-----w- C:\Program Files\Java
2014-07-09 20:52:56 -------- d-----w- C:\Program Files\iPod
2014-07-09 20:52:55 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-07-13 05:57:11 -------- d-----w- C:\PROGRA~2\Warcraft III
2014-07-09 20:52:55 -------- d-----w- C:\PROGRA~2\iTunes
2014-07-03 02:27:30 -------- d-----w- C:\PROGRA~2\Twitter
2014-06-21 06:50:20 -------- d-----w- C:\PROGRA~2\VTFEdit
======= C: =====
====== C:\Users\John\AppData\Roaming ======
2014-07-15 07:58:29 -------- d-sh--w- C:\Users\John\AppData\Local\EmieUserList
2014-07-15 07:58:29 -------- d-sh--w- C:\Users\John\AppData\Local\EmieSiteList
2014-07-10 05:55:00 -------- d-----w- C:\Users\John\AppData\Roaming\Yacht Club Games
2014-07-03 02:27:45 -------- d-----w- C:\Users\John\AppData\Local\twitter
2014-07-03 02:27:33 -------- d-----w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck
2014-06-23 15:48:39 -------- d-----w- C:\Users\John\AppData\Roaming\Maxthon3
====== C:\Users\John ======
2014-07-15 22:16:23 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\John\Desktop\OTM.exe
2014-07-15 21:53:38 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\John\Desktop\SystemLook_x64.exe
2014-07-15 16:55:45 32EC56D740D3817B253B3B5C104C6ED8 2086912 ----a-w- C:\Users\John\Desktop\FRST64.exe
2014-07-15 16:55:10 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\John\Desktop\JRT.exe
2014-07-15 16:45:49 DB95B03031E66AC45495EDF1D16B8887 1348263 ----a-w- C:\Users\John\Desktop\AdwCleaner.exe
2014-07-15 07:48:30 E1263309FB4AA7F83E7E67FBEA6A59F4 890744 ----a-w- C:\Users\John\Downloads\amddriverdownloader.exe
2014-07-15 05:13:59 8970C0476E96E4B9ABF074C93307E924 30984104 ----a-w- C:\Users\John\Downloads\jre-7u60-windows-x64.exe
2014-07-13 05:57:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-07-13 05:41:57 1D74B60E80A1939911BABABF27B49349 1172376 ----a-w- C:\Users\John\Warcraft III 1.21b TFT Installer enUS\Installer.exe
2014-07-13 05:41:57 -------- d-----w- C:\Users\John\Warcraft III 1.21b TFT Installer enUS
2014-07-13 05:41:37 33D0CB7A9E784AA523E2A3CC418E945E 2687056 ----a-w- C:\Users\John\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe
2014-07-13 05:40:54 7A74B8D767E43FB0742DD0C145A90101 1172376 ----a-w- C:\Users\John\Warcraft III 1.21b ROC Installer enUS\Installer.exe
2014-07-13 05:40:54 -------- d-----w- C:\Users\John\Warcraft III 1.21b ROC Installer enUS
2014-07-13 05:40:26 9736C50D06A950ABE29BABFF17E8FA87 2693589 ----a-w- C:\Users\John\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe
2014-07-09 20:54:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-09 20:52:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-06 15:56:40 6F8ED99945D5B5406B717BDE754DAE0C 1455528 ----a-w- C:\Users\John\Downloads\SystemCheck_enUS.exe
2014-06-21 06:50:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
 
====== C: exe-files ==
2014-07-15 05:15:41 B5C895A0CE2252C2BE13E4DB60059A67 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe
2014-07-15 05:15:41 50D36E49C4FCF2F0936E55FC64F2C20A 180648 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe
2014-07-15 05:15:40 C8846A5A7613B2B9BFF678182A9B3676 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe
2014-07-15 05:15:40 66567DB2EDB5396F7839687F48CD9D6A 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe
2014-07-15 05:15:40 4E41FB38C3CE8A907F574217061B43DB 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe
2014-07-15 05:15:40 4E40EEF592340030DE0FB62532238FD4 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe
2014-07-15 05:15:40 354A7C881CC32CD63314B0BA7AA8DA24 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe
2014-07-15 05:15:40 0A7264A972A49FDBE00B4431DC2B101E 64424 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe
2014-07-15 05:15:40 0648CE22986703A3618C2F60D2B34EAC 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe
2014-07-15 05:15:39 FEAEFB0DFC2A55F5E3670CFFD97B12E3 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe
2014-07-15 05:15:39 DEB108631ED814878B4D0F8F66BA7D54 67496 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe
2014-07-15 05:15:39 80DD24235A7E13AFC9E9EBC55ACE1ACF 313256 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe
2014-07-15 05:15:39 6FC165F778DC7E3A0C573A555CAD5EE4 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe
2014-07-15 05:15:39 63943EF8CDC05D71AA3EDEFF14A8BA43 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe
2014-07-15 05:15:39 22AEEB5D70AFF7C6CB43D16E6F5E2FFF 189352 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe
2014-07-15 05:15:39 1EE4BEAA034A42AA91DD4ACB71800E97 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe
2014-07-15 05:15:38 B6FE60CC39FC7CB597FBA0EB0A91AA97 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe
2014-07-15 05:15:38 AF463A23D7F45C297BC7F0CF9AAE5C2F 76200 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe
2014-07-15 05:15:38 75F20BEDF6B95AA316C08D9D3F247692 189352 ----a-w- C:\Program Files\Java\jre7\bin\java.exe
2014-07-15 05:15:38 5AD390906C2F6B84B93877E8DC30707E 55720 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe
2014-07-13 05:57:11 D3C14AB1D76CC88E131BA31667326A68 397312 ----a-w- C:\Program Files (x86)\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
2014-07-09 23:51:45 DFAA288E67F98A2FDB9BD3C2F10C1CEA 2478592 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
2014-07-09 23:51:45 C9D9EEBCCEF20D637F193490CEC05E79 10274136 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\vcredist\2010\vcredist_x64.exe
2014-07-09 23:51:45 BF3F290275C21BDD3951955C9C3CF32C 517976 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\DirectX\Jun2010\DXSETUP.exe
2014-07-09 23:51:45 1801436936E64598BAB5B87B37DC7F87 8990552 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\_CommonRedist\vcredist\2010\vcredist_x86.exe
2014-07-09 21:03:17 20235ED4653CFDDCDEF721F5126A1C47 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-09 21:03:14 89D2706FCD45E33CECFBD46BCBAD7E16 10240 ----a-w- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
2014-07-09 21:03:05 61FF1A9683EDD471797FE0F56057FD09 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-07-09 21:03:05 24868C9D422EDB5B249C0C81B01A0C19 810160 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-07-09 21:03:03 CD900EFB4F8946A2BB1950D9F45915C2 812216 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-07-09 21:03:03 65D0ECD485C8605B07C8338708224818 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-07-09 21:03:03 2168067C03FADB690B77633104A2E64B 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-07-09 21:02:59 8395829B1CE9E11C6441753257DC7591 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-07-09 20:42:49 B3F5836DDD18A9665C188F1C63BF4B35 9786416 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.4826\Battle.net.exe
=== C: other files ==
2014-07-15 23:48:16 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\John\AppData\Local\Temp\scripttest.vbs
2014-07-15 22:23:42 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-07-15 22:22:46 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server3.raptr.com
2014-07-15 21:18:44 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server5.raptr.com
2014-07-15 17:03:11 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server2.raptr.com
2014-07-15 15:27:35 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server6.raptr.com
2014-07-15 07:46:55 E73DEFA22FB39F931679296041C16B5C 104304693 ----a-w- C:\Users\John\Downloads\AMD_Chipset_V51010008_V13049_XP_Vista_Win7.zip
2014-07-15 05:23:53 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server8.raptr.com
2014-07-15 05:15:41 8C3C73B2287D15AD508BA3B78185EAC3 18619 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip
2014-07-15 03:31:27 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server7.raptr.com
2014-07-14 23:38:05 DEA4703BF33F6F49E78D54B118E8BBCF 14416 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\XEW\Binaries\Win32\XComGame.com
2014-07-14 21:27:58 DEA4703BF33F6F49E78D54B118E8BBCF 14416 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.com
2014-07-14 16:19:49 0E038984F0CC7AD51415E527D569A07B 2189 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\MapEditor\Content\GameObjects\UserCreated\as.xml.zip
2014-07-14 16:19:48 2CEAEB04EEAB5E35294CE20DA0F44120 946 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\MapEditor\Content\GameObjects\UserCreated\sssss.xml.zip
2014-07-12 16:00:40 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\John\AppData\Roaming\Raptr\data\erisez\config\certificates\x509\tls_peers\xmpp-server4.raptr.com
2014-07-09 21:03:18 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-07-09 21:03:10 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-2551759079-2592656266-3710109343-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"
"MxDock"="C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe"
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Turbo Key"="C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"bncsaui.exe"="%ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"
"MxDock"="C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe"
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
 
==== Startup Folders ======================
 
2014-02-13 03:27:20 0 ----a-w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
2014-02-14 19:17:00 967 ----a-w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/08/2014 16:38]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2014 19:47]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/12/2014 19:47]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS RegRun Loader" [C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS SIX Engine" [C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Update Checker" [C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe]
 
==== Chrome Look ======================
 
BTTV - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Google Drive - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
imgur Extension by Metronomik - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao
FrankerFaceZ - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb
Stylish - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
Google Wallet - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Checker Plus for Gmail™ - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj
Audio Converter - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga
Gmail - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Luna Theme - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmhihobegibbfdeogahppfhmbfmbjann
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
 
==== Reset Google Chrome ======================
 
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [MxDock] C:\Program Files (x86)\Maxthon\Modules\MxDock\MxDock.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Steam.lnk = C:\Program Files (x86)\Steam\Steam.exe
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=34 folders=37 35489965 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\John\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\John\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Tue 07/15/2014 at 20:26:18.48 ======================
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/15/2014
Scan Time: 20:28:37
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.15.15
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277938
Time Elapsed: 11 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
What is the current status of your system, are there any remaining issues or concerns?

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, re-boot your PC then try again...

Thank you,

Kevin

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
