Jump to content

Ran Malwarebytes scan than 12 hours later after the scan completed windows wont start


Guest Taykum
 Share

Recommended Posts

Guest Taykum

Topic says it all. Can't get into the Windows side of my computer and running windows repair says it cant repair anything. Computer restarts after sitting on the windows start up screen. I run windows through a partitioned section of my hardrive on my mac and can access files from the windows side but it cant write to the mac side. Currently attempting to run Clamxav to scan the windows partition. Any thing anyone can suggest that might help? (might be able to access logs from last scan if i find it in the malwarebytes folder.)

Link to post
Share on other sites

  • Staff
Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

 

  • Plug the flashdrive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer   
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • When notepad opens, click File and select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run. When the tool opens click Yes to disclaimer.
  • Press Scan button.
 
 
It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.
Link to post
Share on other sites

Guest Taykum

Alright ill get to that as soon as I get somewhere I can. I did run a scan with ClamXav and it pulled two aecache.dll Activemail4308.exe iCR_mozilla and a WindowsServer200and that's all I saw but like I said I'll run that as soon as I can thanks for the help.

Link to post
Share on other sites

Guest Taykum

Sorry ill get you the scripts tonight just had 48 hours of airport fun and freaking out that my windows side died >_< Thanks again for the help ill be right back (hopefully) with those logs.

Link to post
Share on other sites

Guest Taykum
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2014

Ran by SYSTEM on MININT-LTAU5M7 on 26-07-2014 03:14:29

Running from e:\

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

 

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2012-03-27] (Apple Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2012-01-04] (Intel Corporation)

HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)

HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [3487888 2014-01-21] (Bradford Networks)

HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\Jacob\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] ()

HKU\Jacob\...\Run: [uTorrent] => C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-14] (BitTorrent Inc.)

HKU\Jacob\...\Run: [AdobeBridge] => [X]

HKU\Jacob\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk

ShortcutTarget: Curse.lnk ->  (No File)

Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk ->  (No File)

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2012-03-27] ()

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-10] (AVAST Software)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-26] ()

S2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [4130960 2014-01-21] (Bradford Networks)

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

S2 HPSLPSVC; C:\Users\Jacob\AppData\Local\Temp\7zS7447\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4145600 2012-06-20] (INCA Internet Co., Ltd.)

S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-11] ()

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-02-07] (Apple Inc.)

S3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-02-07] (Apple Inc.)

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-10] (AVAST Software)

S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-10] (AVAST Software)

S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-10] ()

S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-10] (AVAST Software)

S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-10] (AVAST Software)

S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-10] (AVAST Software)

S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)

S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-10] ()

S3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] ()

S3 dump_wmimmc; \??\C:\Program Files (x86)\SEGA\PHANTASYSTARONLINE2\pso2_bin\GameGuard\dump_wmimmc.sys [X]

S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-26 03:14 - 2014-07-26 03:14 - 00000000 ____D () C:\FRST

2014-07-23 22:37 - 2014-07-23 22:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-07-23 22:37 - 2014-07-23 22:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-23 22:37 - 2014-05-12 05:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-07-23 22:37 - 2014-05-12 05:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2014-07-23 22:12 - 2014-07-23 22:12 - 00002526 _____ () C:\Users\Jacob\Desktop\Windows 7 USB DVD Download Tool.lnk

2014-07-23 22:12 - 2014-07-23 22:12 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2014-07-23 21:36 - 2014-07-23 21:36 - 02721168 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Windows7-USB-DVD-tool.exe

2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\ProgramData\Riot Games

2014-07-11 00:56 - 2014-07-11 00:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Unity

2014-07-11 00:54 - 2014-07-11 00:54 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Unity

2014-07-08 23:29 - 2014-07-08 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-07 20:20 - 2014-07-07 20:20 - 00000000 ____D () C:\Users\Jacob\dwhelper

2014-07-02 18:56 - 2014-07-02 18:59 - 00000000 ____D () C:\Program Files (x86)\RaidCall

2014-07-02 18:56 - 2014-07-02 18:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\raidcall

2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\SpaceEngineers

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-26 03:14 - 2014-07-26 03:14 - 00000000 ____D () C:\FRST

2014-07-24 18:56 - 2012-11-29 08:46 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-24 18:49 - 2012-07-22 21:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Skype

2014-07-24 17:20 - 2012-07-23 04:30 - 01903336 _____ () C:\Windows\WindowsUpdate.log

2014-07-24 17:11 - 2009-07-13 20:51 - 00183186 _____ () C:\Windows\setupact.log

2014-07-24 11:53 - 2013-10-17 15:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-07-24 11:53 - 2013-10-15 17:54 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Battle.net

2014-07-24 11:46 - 2009-07-13 20:45 - 00021472 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-24 11:46 - 2009-07-13 20:45 - 00021472 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-24 09:20 - 2012-08-02 19:37 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\uTorrent

2014-07-24 09:19 - 2012-11-29 08:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-24 09:17 - 2014-01-07 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-24 09:17 - 2010-11-20 19:47 - 00393362 _____ () C:\Windows\PFRO.log

2014-07-24 09:17 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-23 22:38 - 2014-07-23 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-07-23 22:37 - 2014-07-23 22:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-23 22:37 - 2013-09-14 22:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-23 22:12 - 2014-07-23 22:12 - 00002526 _____ () C:\Users\Jacob\Desktop\Windows 7 USB DVD Download Tool.lnk

2014-07-23 22:12 - 2014-07-23 22:12 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2014-07-23 21:36 - 2014-07-23 21:36 - 02721168 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Windows7-USB-DVD-tool.exe

2014-07-23 21:34 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-07-23 21:14 - 2012-07-22 22:00 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-07-23 20:49 - 2014-05-18 09:41 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios

2014-07-23 20:49 - 2012-07-23 20:32 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios

2014-07-23 20:49 - 2012-07-22 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-23 20:47 - 2013-10-01 17:21 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

2014-07-22 23:41 - 2014-05-22 15:37 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

2014-07-20 10:37 - 2012-07-22 22:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\ProgramData\Riot Games

2014-07-14 14:42 - 2014-02-12 03:10 - 00000000 ___RD () C:\Users\Jacob\Dropbox

2014-07-14 14:42 - 2014-02-12 03:03 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\DropboxMaster

2014-07-14 14:42 - 2014-02-12 03:00 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Dropbox

2014-07-11 00:56 - 2014-07-11 00:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Unity

2014-07-11 00:54 - 2014-07-11 00:54 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Unity

2014-07-10 20:39 - 2012-07-22 21:52 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Deployment

2014-07-08 23:29 - 2014-07-08 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-07 20:20 - 2014-07-07 20:20 - 00000000 ____D () C:\Users\Jacob\dwhelper

2014-07-07 20:20 - 2012-07-22 21:35 - 00000000 ____D () C:\users\Jacob

2014-07-06 11:03 - 2013-02-25 03:26 - 00000000 ___RD () C:\Users\Jacob\Desktop\Desktop Stuff

2014-07-02 18:59 - 2014-07-02 18:56 - 00000000 ____D () C:\Program Files (x86)\RaidCall

2014-07-02 18:56 - 2014-07-02 18:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\raidcall

2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\SpaceEngineers

2014-06-29 02:30 - 2012-08-02 21:43 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\vlc

 

 

 

This is all that was in the text file

Link to post
Share on other sites

Guest Taykum
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2014

Ran by SYSTEM on MININT-FU55NMG on 26-07-2014 14:16:36

Running from e:\

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

 

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2012-03-27] (Apple Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2012-01-04] (Intel Corporation)

HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)

HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [3487888 2014-01-21] (Bradford Networks)

HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\Jacob\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] ()

HKU\Jacob\...\Run: [uTorrent] => C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-14] (BitTorrent Inc.)

HKU\Jacob\...\Run: [AdobeBridge] => [X]

HKU\Jacob\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk

ShortcutTarget: Curse.lnk ->  (No File)

Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk ->  (No File)

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2012-03-27] ()

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-10] (AVAST Software)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-26] ()

S2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [4130960 2014-01-21] (Bradford Networks)

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

S2 HPSLPSVC; C:\Users\Jacob\AppData\Local\Temp\7zS7447\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4145600 2012-06-20] (INCA Internet Co., Ltd.)

S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-11] ()

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-02-07] (Apple Inc.)

S3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-02-07] (Apple Inc.)

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-10] (AVAST Software)

S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-10] (AVAST Software)

S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-10] ()

S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-10] (AVAST Software)

S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-10] (AVAST Software)

S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-10] (AVAST Software)

S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)

S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-10] ()

S3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] ()

S3 dump_wmimmc; \??\C:\Program Files (x86)\SEGA\PHANTASYSTARONLINE2\pso2_bin\GameGuard\dump_wmimmc.sys [X]

S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-26 03:14 - 2014-07-26 03:14 - 00000000 ____D () C:\FRST

2014-07-23 22:37 - 2014-07-23 22:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-07-23 22:37 - 2014-07-23 22:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-23 22:37 - 2014-05-12 05:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-07-23 22:37 - 2014-05-12 05:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2014-07-23 22:12 - 2014-07-23 22:12 - 00002526 _____ () C:\Users\Jacob\Desktop\Windows 7 USB DVD Download Tool.lnk

2014-07-23 22:12 - 2014-07-23 22:12 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2014-07-23 21:36 - 2014-07-23 21:36 - 02721168 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Windows7-USB-DVD-tool.exe

2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\ProgramData\Riot Games

2014-07-11 00:56 - 2014-07-11 00:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Unity

2014-07-11 00:54 - 2014-07-11 00:54 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Unity

2014-07-08 23:29 - 2014-07-08 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-07 20:20 - 2014-07-07 20:20 - 00000000 ____D () C:\Users\Jacob\dwhelper

2014-07-02 18:56 - 2014-07-02 18:59 - 00000000 ____D () C:\Program Files (x86)\RaidCall

2014-07-02 18:56 - 2014-07-02 18:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\raidcall

2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\SpaceEngineers

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-26 03:14 - 2014-07-26 03:14 - 00000000 ____D () C:\FRST

2014-07-24 18:56 - 2012-11-29 08:46 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-24 18:49 - 2012-07-23 04:30 - 01903336 _____ () C:\Windows\WindowsUpdate.log

2014-07-24 18:49 - 2012-07-22 21:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Skype

2014-07-24 17:11 - 2009-07-13 20:51 - 00183186 _____ () C:\Windows\setupact.log

2014-07-24 11:53 - 2013-10-17 15:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-07-24 11:53 - 2013-10-15 17:54 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Battle.net

2014-07-24 11:46 - 2009-07-13 20:45 - 00021472 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-24 11:46 - 2009-07-13 20:45 - 00021472 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-24 09:20 - 2012-08-02 19:37 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\uTorrent

2014-07-24 09:19 - 2012-11-29 08:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-24 09:17 - 2014-01-07 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-24 09:17 - 2010-11-20 19:47 - 00393362 _____ () C:\Windows\PFRO.log

2014-07-24 09:17 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-23 22:38 - 2014-07-23 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-07-23 22:37 - 2014-07-23 22:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-23 22:37 - 2013-09-14 22:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-23 22:12 - 2014-07-23 22:12 - 00002526 _____ () C:\Users\Jacob\Desktop\Windows 7 USB DVD Download Tool.lnk

2014-07-23 22:12 - 2014-07-23 22:12 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2014-07-23 21:36 - 2014-07-23 21:36 - 02721168 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Windows7-USB-DVD-tool.exe

2014-07-23 21:34 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-07-23 21:14 - 2012-07-22 22:00 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-07-23 20:49 - 2014-05-18 09:41 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios

2014-07-23 20:49 - 2012-07-23 20:32 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios

2014-07-23 20:49 - 2012-07-22 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-23 20:47 - 2013-10-01 17:21 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

2014-07-22 23:41 - 2014-05-22 15:37 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

2014-07-20 10:37 - 2012-07-22 22:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\ProgramData\Riot Games

2014-07-14 14:42 - 2014-02-12 03:10 - 00000000 ___RD () C:\Users\Jacob\Dropbox

2014-07-14 14:42 - 2014-02-12 03:03 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\DropboxMaster

2014-07-14 14:42 - 2014-02-12 03:00 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Dropbox

2014-07-11 00:56 - 2014-07-11 00:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Unity

2014-07-11 00:54 - 2014-07-11 00:54 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Unity

2014-07-10 20:39 - 2012-07-22 21:52 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Deployment

2014-07-08 23:29 - 2014-07-08 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-07 20:20 - 2014-07-07 20:20 - 00000000 ____D () C:\Users\Jacob\dwhelper

2014-07-07 20:20 - 2012-07-22 21:35 - 00000000 ____D () C:\users\Jacob

2014-07-06 11:03 - 2013-02-25 03:26 - 00000000 ___RD () C:\Users\Jacob\Desktop\Desktop Stuff

2014-07-02 18:59 - 2014-07-02 18:56 - 00000000 ____D () C:\Program Files (x86)\RaidCall

2014-07-02 18:56 - 2014-07-02 18:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\raidcall

2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\SpaceEngineers

2014-06-29 02:30 - 2012-08-02 21:43 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\vlc

 

Files to move or delete:

====================

C:\ProgramData\hash.dat

C:\ProgramData\uninstaller.exe

 

 

Some content of TEMP:

====================

C:\Users\Jacob\AppData\Local\Temp\AcDeltree.exe

C:\Users\Jacob\AppData\Local\Temp\Activemail21461.exe

C:\Users\Jacob\AppData\Local\Temp\Activemail28901.exe

C:\Users\Jacob\AppData\Local\Temp\Activemail4308.exe

C:\Users\Jacob\AppData\Local\Temp\ActiveMailComServer.exe

C:\Users\Jacob\AppData\Local\Temp\BRSVC_750006521_hlp.exe

C:\Users\Jacob\AppData\Local\Temp\certutil.exe

C:\Users\Jacob\AppData\Local\Temp\crt4B16.tmp.exe

C:\Users\Jacob\AppData\Local\Temp\drm_dyndata_7400005.dll

C:\Users\Jacob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppdpoft.dll

C:\Users\Jacob\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

C:\Users\Jacob\AppData\Local\Temp\gtalkwmp1.dll

C:\Users\Jacob\AppData\Local\Temp\Gw2.exe

C:\Users\Jacob\AppData\Local\Temp\hcuninstaller_20130324_235158_14468.exe

C:\Users\Jacob\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe

C:\Users\Jacob\AppData\Local\Temp\HiRezLauncherControls.dll

C:\Users\Jacob\AppData\Local\Temp\HPInstaller.exe

C:\Users\Jacob\AppData\Local\Temp\ICReinstall_mozilla-firefox-toDownload.exe

C:\Users\Jacob\AppData\Local\Temp\ICReinstall_WECPSetup.exe

C:\Users\Jacob\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Jacob\AppData\Local\Temp\msvcr71.dll

C:\Users\Jacob\AppData\Local\Temp\nspr4.dll

C:\Users\Jacob\AppData\Local\Temp\nss3.dll

C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Jacob\AppData\Local\Temp\nvStereoApiI64.dll

C:\Users\Jacob\AppData\Local\Temp\nvStInst.exe

C:\Users\Jacob\AppData\Local\Temp\plc4.dll

C:\Users\Jacob\AppData\Local\Temp\plds4.dll

C:\Users\Jacob\AppData\Local\Temp\riftuninstall.exe

C:\Users\Jacob\AppData\Local\Temp\Setup64.exe

C:\Users\Jacob\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Jacob\AppData\Local\Temp\smime3.dll

C:\Users\Jacob\AppData\Local\Temp\softokn3.dll

C:\Users\Jacob\AppData\Local\Temp\SRLDetectionLibrary8222817698689782986.dll

C:\Users\Jacob\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Jacob\AppData\Local\Temp\swt-win32-3740.dll

C:\Users\Jacob\AppData\Local\Temp\tbuTo0.dll

C:\Users\Jacob\AppData\Local\Temp\tmp511.exe

C:\Users\Jacob\AppData\Local\Temp\tmpAAD.exe

C:\Users\Jacob\AppData\Local\Temp\tmpDC99.exe

C:\Users\Jacob\AppData\Local\Temp\tmpF190.exe

C:\Users\Jacob\AppData\Local\Temp\Uninstall.exe

C:\Users\Jacob\AppData\Local\Temp\Uninstaller-3244.exe

C:\Users\Jacob\AppData\Local\Temp\Uninstaller-3544.exe

C:\Users\Jacob\AppData\Local\Temp\Uninstaller-5480.exe

C:\Users\Jacob\AppData\Local\Temp\utt129A.tmp.exe

C:\Users\Jacob\AppData\Local\Temp\utt3C63.tmp.exe

C:\Users\Jacob\AppData\Local\Temp\utt5BE8.tmp.exe

C:\Users\Jacob\AppData\Local\Temp\vlc-2.0.6-win32.exe

C:\Users\Jacob\AppData\Local\Temp\vlc-2.0.7-win32.exe

C:\Users\Jacob\AppData\Local\Temp\vlc-2.0.8-win32.exe

C:\Users\Jacob\AppData\Local\Temp\vrayuninst.dll

C:\Users\Jacob\AppData\Local\Temp\xmlUpdater.exe

 

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== Restore Points  =========================

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 9%

Total physical RAM: 8130.7 MB

Available physical RAM: 7359.91 MB

Total Pagefile: 8128.89 MB

Available Pagefile: 7364.86 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

 

==================== Drives ================================

 

Drive c: (BOOTCAMP) (Fixed) (Total:269.43 GB) (Free:25.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (LUPIN1_EDITED) (CDROM) (Total:3.63 GB) (Free:0 GB) UDF

Drive e: () (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 08CF2A61)

 

Partition: GPT Partition Type.

Partition 2: (Not Active) - (Size=428 GB) - (Type=AF)

Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)

Partition 4: (Active) - (Size=269 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 2 GB) (Disk ID: 04DD5721)

Partition 1: (Active) - (Size=2 GB) - (Type=06)

 

 

LastRegBack: 2014-07-17 22:01

 

==================== End Of Log ============================

Link to post
Share on other sites

  • Staff

Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>> Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.
>> Exit out of Recovery Environment and post me the log please.

Try to boot Windows normally...

fixlist.txt

Link to post
Share on other sites

Guest Taykum
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-07-2014

Ran by SYSTEM at 2014-07-27 05:51:36 Run:1

Running from e:\

Boot Mode: Recovery

==============================================

 

Content of fixlist:

*****************

Task: {5446DFDF-5672-4792-8C62-90BBDF61240D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION

Task: {573321D3-5F35-46BD-9E83-6FC8D328B90D} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION

Task: {96DCEF92-E4E8-4D38-86AB-C655B2B50CFF} - System32\Tasks\Digital Sites => C:\Users\Drewskii\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {C860FA74-E2A3-4C62-9904-3BDC7FF09474} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION

AlternateDataStreams: C:\Users\Drewskii\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Drewskii\Downloads\331.82-desktop-win8-win7-winvista-64bit-english-whql.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\334.89-desktop-win8-win7-winvista-64bit-english-whql.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\337.88-desktop-win8-win7-winvista-64bit-english-whql (1).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\337.88-desktop-win8-win7-winvista-64bit-english-whql.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\60Second_en_us.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\battlelog-web-plugins_2.3.2_129.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\battlelog-web-plugins_2.3.2_130.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\battlelog-web-plugins_2.4.0_141.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\bitdefender_w8security.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\BOSS v2.1.1 Installer.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Castlevania_Lords_of_Shadow_Ultimate_Edition_Online_Game_Code_Downloader.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\chromeinstall-7u45.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\chromeinstall-7u51.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Diablo-III-Setup-enUS (1).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Diablo-III-Setup-enUS.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\ffxivsetup.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\FRST64.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\GeForce_Experience_v1.8.0.0 (1).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\GeForce_Experience_v1.8.0.0 (2).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\GeForce_Experience_v1.8.0.0.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\gfwlivesetup.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Hearthstone-Setup-enUS.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\ImageEditorSetup.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\iTunes64Setup.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\IZArcInstall.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\jre-7u65-windows-i586.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\jre-7u65-windows-x64.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\mbam-setup-2.0.2.1012.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Nexus Mod Manager-0.46.0.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Nexus Mod Manager-0.49.3.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\OriginThinSetup.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\setup.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Setup.X86.en-US_O365HomePremRetail_f10263c9-8cf6-44b4-80a3-0fcc6ed8c102_TX_PR_.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Silverlight (1).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Silverlight.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\skse_1_06_16_installer (1).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\skse_1_06_16_installer (2).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\skse_1_06_16_installer (3).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\skse_1_06_16_installer (4).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\skse_1_06_16_installer.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\SkypeSetup.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\SkypeSetupFull.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Star_Wars_The_Old_Republic_2400_Cartel_Coins_Exclusive_Item_Online_Game_Code_Downloader (1).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Star_Wars_The_Old_Republic_2400_Cartel_Coins_Exclusive_Item_Online_Game_Code_Downloader (2).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\Star_Wars_The_Old_Republic_2400_Cartel_Coins_Exclusive_Item_Online_Game_Code_Downloader.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\TERA-Setup.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\The_Bureau_XCOM_Declassified_Online_Game_Code_Downloader.exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\XCOM_Enemy_Unknown_Online_Game_Code_Downloader (1).exe:BDU

AlternateDataStreams: C:\Users\Drewskii\Downloads\XCOM_Enemy_Unknown_Online_Game_Code_Downloader.exe:BDU

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

C:\Program Files (x86)\Ask.com

C:\Program Files (x86)\AskPartnerNetwork

HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)

HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760 2014-06-23] (APN)

ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF31B96191CFACE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank


CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Drewskii\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-05-28]

C:\Users\Drewskii\AppData\Local\APN

CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-06-24]

C:\ProgramData\AskPartnerNetwork

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)

C:\Users\Drewskii\AppData\Local\Temp\APNSetup.exe

C:\Users\Drewskii\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Drewskii\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Drewskii\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Drewskii\AppData\Local\Temp\nvStInst.exe

C:\Users\Drewskii\AppData\Local\Temp\sonarinst.exe

C:\Users\Drewskii\AppData\Local\Temp\SRLDetectionLibrary7307318649763522726.dll

C:\Users\Drewskii\AppData\Local\Temp\swt-win32-3349.dll

cmd: ipconfig /flushdns

*****************

 

Task: {5446DFDF-5672-4792-8C62-90BBDF61240D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

Task: {573321D3-5F35-46BD-9E83-6FC8D328B90D} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

Task: {96DCEF92-E4E8-4D38-86AB-C655B2B50CFF} - System32\Tasks\Digital Sites => C:\Users\Drewskii\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

Task: {C860FA74-E2A3-4C62-9904-3BDC7FF09474} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

"C:\Users\Drewskii\SkyDrive" => ":ms-properties" ADS not found.

"C:\Users\Drewskii\Downloads\331.82-desktop-win8-win7-winvista-64bit-english-whql.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\334.89-desktop-win8-win7-winvista-64bit-english-whql.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\337.88-desktop-win8-win7-winvista-64bit-english-whql (1).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\337.88-desktop-win8-win7-winvista-64bit-english-whql.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\60Second_en_us.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\battlelog-web-plugins_2.3.2_129.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\battlelog-web-plugins_2.3.2_130.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\battlelog-web-plugins_2.4.0_141.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\bitdefender_w8security.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\BOSS v2.1.1 Installer.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Castlevania_Lords_of_Shadow_Ultimate_Edition_Online_Game_Code_Downloader.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\chromeinstall-7u45.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\chromeinstall-7u51.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Diablo-III-Setup-enUS (1).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Diablo-III-Setup-enUS.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\ffxivsetup.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\FRST64.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\GeForce_Experience_v1.8.0.0 (1).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\GeForce_Experience_v1.8.0.0 (2).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\GeForce_Experience_v1.8.0.0.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\gfwlivesetup.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Hearthstone-Setup-enUS.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\ImageEditorSetup.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\iTunes64Setup.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\IZArcInstall.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\jre-7u65-windows-i586.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\jre-7u65-windows-x64.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\mbam-setup-2.0.2.1012.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Nexus Mod Manager-0.46.0.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Nexus Mod Manager-0.49.3.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\OriginThinSetup.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\setup.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Setup.X86.en-US_O365HomePremRetail_f10263c9-8cf6-44b4-80a3-0fcc6ed8c102_TX_PR_.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Silverlight (1).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Silverlight.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\skse_1_06_16_installer (1).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\skse_1_06_16_installer (2).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\skse_1_06_16_installer (3).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\skse_1_06_16_installer (4).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\skse_1_06_16_installer.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\SkypeSetup.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\SkypeSetupFull.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Star_Wars_The_Old_Republic_2400_Cartel_Coins_Exclusive_Item_Online_Game_Code_Downloader (1).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Star_Wars_The_Old_Republic_2400_Cartel_Coins_Exclusive_Item_Online_Game_Code_Downloader (2).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\Star_Wars_The_Old_Republic_2400_Cartel_Coins_Exclusive_Item_Online_Game_Code_Downloader.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\TERA-Setup.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\The_Bureau_XCOM_Declassified_Online_Game_Code_Downloader.exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\XCOM_Enemy_Unknown_Online_Game_Code_Downloader (1).exe" => ":BDU" ADS not found.

"C:\Users\Drewskii\Downloads\XCOM_Enemy_Unknown_Online_Game_Code_Downloader.exe" => ":BDU" ADS not found.

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found

"C:\Program Files (x86)\Ask.com" => File/Directory not found.

"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key not found.

"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key not found.

"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key not found.

"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key not found.

"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key not found.

"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key not found.

"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank => Error: The entry should be fixed outside recovery mode.

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/ => Error: The entry should be fixed outside recovery mode.

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF31B96191CFACE01 => Error: The entry should be fixed outside recovery mode.

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US => Error: The entry should be fixed outside recovery mode.

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank => Error: The entry should be fixed outside recovery mode.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank => Error: The entry should be fixed outside recovery mode.

SearchScopes: HKCU - {51CFE20F-1B1D-4AFE-98D8-6558611E4C48} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=CDE4AC2E-BDB6-4760-9830-11095A928CF6&apn_sauid=5C2E5512-6F0F-4273-A5BD-E957B37A199F => Error: The entry should be fixed outside recovery mode.

CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Drewskii\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-05-28] => Error: The entry should be fixed outside recovery mode.

"C:\Users\Drewskii\AppData\Local\APN" => File/Directory not found.

CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-06-24] => Error: The entry should be fixed outside recovery mode.

"C:\ProgramData\AskPartnerNetwork" => File/Directory not found.

APNMCP => Service not found.

"C:\Users\Drewskii\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.

"C:\Users\Drewskii\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Drewskii\AppData\Local\Temp\nvSCPAPI.dll" => File/Directory not found.

"C:\Users\Drewskii\AppData\Local\Temp\nvSCPAPI64.dll" => File/Directory not found.

"C:\Users\Drewskii\AppData\Local\Temp\nvStInst.exe" => File/Directory not found.

"C:\Users\Drewskii\AppData\Local\Temp\sonarinst.exe" => File/Directory not found.

"C:\Users\Drewskii\AppData\Local\Temp\SRLDetectionLibrary7307318649763522726.dll" => File/Directory not found.

"C:\Users\Drewskii\AppData\Local\Temp\swt-win32-3349.dll" => File/Directory not found.

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Could not flush the DNS Resolver Cache: Function failed during execution.

 

 

========= End of CMD: =========

 

 

==== End of Fixlog ====

Link to post
Share on other sites

Guest Taykum
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-07-2014

Ran by SYSTEM at 2014-07-27 06:31:18 Run:3

Running from e:\

Boot Mode: Recovery

==============================================

 

Content of fixlist:

*****************

LastRegBack: 2014-07-17 22:01

*****************

 

DEFAULT hive was successfully copied to System32\config\HiveBackup

DEFAULT hive was successfully restored from registry back up.

SAM hive was successfully copied to System32\config\HiveBackup

SAM hive was successfully restored from registry back up.

SECURITY hive was successfully copied to System32\config\HiveBackup

SECURITY hive was successfully restored from registry back up.

SOFTWARE hive was successfully copied to System32\config\HiveBackup

SOFTWARE hive was successfully restored from registry back up.

SYSTEM hive was successfully copied to System32\config\HiveBackup

SYSTEM hive was successfully restored from registry back up.

 

==== End of Fixlog ====

 

 

Didn't Start up normally it went into sleep mode and than after waking it up was on a black screen with the mouse in the middle and i couldn't move it.

Link to post
Share on other sites

Guest Taykum

When i attempt to start it up normally it stays on the windows starting up screen. And i couldn't load into safe mode, it froze when it was loading drivers.

Link to post
Share on other sites

Guest Taykum

Just finished running malwarebytes twice first run deleted 76 threats second one didn't detect anything. I still think there is an underlying problem. Can't use chrome/Firefox/ie and the disk drive isn't showing up. Also got a memory warning half way through the first scan. Everything is running pretty slow too and I can't export any logs from malwarebytes because it instantly locks up as I hit export.

Link to post
Share on other sites

Guest Taykum

Here are 2 logs from malware bytes

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 7/27/2014 1:19:35 PM, SYSTEM, JACOB-PC, Manual, Malware Database, 2014.7.24.1, 2014.7.27.7, 
Update, 7/27/2014 5:32:38 PM, SYSTEM, JACOB-PC, Manual, Malware Database, 2014.7.27.7, 2014.7.27.10, 
 
(end)
Link to post
Share on other sites

Guest Taykum
<logs>


<record severity="debug" LoggingEventType="1" datetime="2014-07-27T13:19:35.822377-06:00" source="Manual" type="Update" username="SYSTEM" systemname="JACOB-PC"fromVersion="2014.7.24.1" last_modified_tag="84afcf45-572e-4a1e-bff4-a05cdb8a313b" name="Malware Database" toVersion="2014.7.27.7"/>

<record severity="debug" LoggingEventType="1" datetime="2014-07-27T17:32:38.752903-06:00" source="Manual" type="Update" username="SYSTEM" systemname="JACOB-PC"fromVersion="2014.7.27.7" last_modified_tag="ebca492e-37d2-473b-8552-216df1c9228f" name="Malware Database" toVersion="2014.7.27.10"/>


</logs>

Link to post
Share on other sites

  • Staff

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.

Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

Guest Taykum
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by Jacob (administrator) on JACOB-PC on 30-07-2014 14:37:31

Running from C:\Users\Jacob\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\DFDWiz.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe

() C:\Program Files (x86)\puush\puush.exe

() C:\Windows\System32\AppleOSSMgr.exe

(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe

(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\sdclt.exe

(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2012-03-27] (Apple Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2012-01-04] (Intel Corporation)

HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)

HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [3487888 2014-01-21] (Bradford Networks)

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-2221887244-471328896-3595182596-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] ()

HKU\S-1-5-21-2221887244-471328896-3595182596-1000\...\Run: [uTorrent] => C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-14] (BitTorrent Inc.)

HKU\S-1-5-21-2221887244-471328896-3595182596-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2221887244-471328896-3595182596-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-2221887244-471328896-3595182596-1000\...\MountPoints2: {11ce87c3-c4d8-11e2-a273-806e6f6e6963} - G:\Setup.exe

HKU\S-1-5-21-2221887244-471328896-3595182596-1000\...\MountPoints2: {21e80aba-9ebf-11e3-abf1-406c8f127226} - G:\LaunchU3.exe -a

HKU\S-1-5-21-2221887244-471328896-3595182596-1000\...\MountPoints2: {445a0558-ea10-11e1-9401-1040f3eef0e3} - F:\Setup.exe

Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk

ShortcutTarget: Curse.lnk -> C:\Users\Jacob\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jacob\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253



StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe




SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


SearchScopes: HKCU - DefaultScope {C393DECF-DDAC-4CBE-9B87-2971E163CE72} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}

SearchScopes: HKCU - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}


SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {480A0AE6-E977-4075-ADA9-77926F6B1787} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253


SearchScopes: HKCU - {C393DECF-DDAC-4CBE-9B87-2971E163CE72} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}

BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

 

FireFox:

========

FF ProfilePath: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lekf6310.default

FF DefaultSearchEngine: Yahoo!

FF SelectedSearchEngine: Yahoo!


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()

FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Jacob\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jacob\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

FF SearchPlugin: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lekf6310.default\searchplugins\yahoo_ff.xml

FF Extension: DownloadHelper - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lekf6310.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-07]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-09]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-23]

FF HKLM-x32\...\Firefox\Extensions: [{55A8EC97-6AF6-442c-877F-11C51DBD162D}] - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_FF.xpi

FF Extension: YouTube Video Downloader Extension - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_FF.xpi [2014-06-15]

 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR Extension: (No Name) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]

CHR Extension: (YouTube) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-29]

CHR Extension: (Slinky Elegant) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2013-01-16]

CHR Extension: (Google Search) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-29]

CHR Extension: (AdBlock) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-14]

CHR Extension: (Google Wallet) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

CHR Extension: (Google Reader) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2013-01-16]

CHR Extension: (Gmail) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-29]

CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Jacob\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-11-15]

CHR HKLM-x32\...\Chrome\Extension: [igljnkmljjbhcellpnjppojkfdfmkjmp] - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_GC.crx [2014-06-15]

CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Jacob\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-11-15]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2012-03-27] ()

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-10] (AVAST Software)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-26] () [File not signed]

R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [4130960 2014-01-21] (Bradford Networks)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

U2 HPSLPSVC; C:\Users\Jacob\AppData\Local\Temp\7zS7447\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.) [File not signed]

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4145600 2012-06-20] (INCA Internet Co., Ltd.)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-11] ()

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]

S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [X]

S2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-02-07] (Apple Inc.)

R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-02-07] (Apple Inc.)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-10] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-10] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-10] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-10] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-10] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-10] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-10] ()

S3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] () [File not signed]

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

S3 dump_wmimmc; \??\C:\Program Files (x86)\SEGA\PHANTASYSTARONLINE2\pso2_bin\GameGuard\dump_wmimmc.sys [X]

S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-30 14:37 - 2014-07-30 08:45 - 00021570 _____ () C:\Users\Jacob\Desktop\FRST.txt

2014-07-30 07:58 - 2014-07-30 07:59 - 00000000 ____D () C:\.fseventsd

2014-07-30 07:52 - 2014-07-30 07:52 - 02093568 _____ (Farbar) C:\Users\Jacob\Desktop\FRST64.exe

2014-07-30 07:52 - 2014-07-30 07:52 - 00004096 _____ () C:\Users\Jacob\Desktop\._FRST64.exe

2014-07-28 22:20 - 2014-07-28 22:20 - 00006148 _____ () C:\Users\Jacob\Desktop\.DS_Store

2014-07-28 22:20 - 2014-07-28 22:20 - 00004096 _____ () C:\Users\Jacob\Desktop\._.DS_Store

2014-07-28 00:53 - 2014-07-28 22:20 - 00015364 _____ () C:\Users\.DS_Store

2014-07-28 00:53 - 2014-07-28 22:20 - 00012292 _____ () C:\Users\Jacob\.DS_Store

2014-07-28 00:53 - 2014-07-28 00:54 - 00006148 _____ () C:\ProgramData\.DS_Store

2014-07-28 00:53 - 2014-07-28 00:53 - 00004096 _____ () C:\Users\Jacob\._.DS_Store

2014-07-28 00:53 - 2014-07-28 00:53 - 00004096 _____ () C:\Users\._.DS_Store

2014-07-28 00:53 - 2014-07-28 00:53 - 00004096 _____ () C:\ProgramData\._.DS_Store

2014-07-28 00:52 - 2014-07-28 22:20 - 00015364 _____ () C:\.DS_Store

2014-07-28 00:52 - 2014-07-28 00:52 - 00004096 _____ () C:\._.DS_Store

2014-07-27 18:58 - 2014-07-27 18:58 - 00004096 _____ () C:\._.Trashes

2014-07-27 18:58 - 2014-07-27 18:58 - 00000000 ____D () C:\.Trashes

2014-07-27 17:48 - 2014-07-27 17:48 - 00000265 _____ () C:\Users\Jacob\Desktop\dasdfas.txt

2014-07-27 08:31 - 2014-07-27 08:31 - 00000000 ____D () C:\Windows\system32\config\HiveBackup

2014-07-26 05:14 - 2014-07-30 08:39 - 00000000 ____D () C:\FRST

2014-07-24 00:37 - 2014-07-27 17:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-24 00:37 - 2014-07-24 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-24 00:37 - 2014-07-24 00:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-24 00:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-24 00:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-24 00:12 - 2014-07-24 00:12 - 00002526 _____ () C:\Users\Jacob\Desktop\Windows 7 USB DVD Download Tool.lnk

2014-07-24 00:12 - 2014-07-24 00:12 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

2014-07-24 00:12 - 2014-07-24 00:12 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2014-07-16 21:10 - 2014-07-16 21:10 - 00000000 ____D () C:\ProgramData\Riot Games

2014-07-11 02:56 - 2014-07-11 02:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Unity

2014-07-11 02:54 - 2014-07-11 02:54 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Unity

2014-07-09 01:29 - 2014-07-09 01:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-07 22:20 - 2014-07-07 22:20 - 00000000 ____D () C:\Users\Jacob\dwhelper

2014-07-02 20:56 - 2014-07-02 20:59 - 00000000 ____D () C:\Program Files (x86)\RaidCall

2014-07-02 20:56 - 2014-07-02 20:56 - 00001039 _____ () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk

2014-07-02 20:56 - 2014-07-02 20:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\raidcall

2014-07-02 20:56 - 2014-07-02 20:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall

2014-07-02 20:56 - 2014-07-02 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall

2014-07-01 19:00 - 2014-07-01 19:00 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\SpaceEngineers

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-30 14:33 - 2012-11-29 10:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-30 14:33 - 2012-08-02 21:37 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\uTorrent

2014-07-30 14:33 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-30 14:32 - 2009-07-13 22:51 - 00183410 _____ () C:\Windows\setupact.log

2014-07-30 08:45 - 2014-07-30 14:37 - 00021570 _____ () C:\Users\Jacob\Desktop\FRST.txt

2014-07-30 08:39 - 2014-07-26 05:14 - 00000000 ____D () C:\FRST

2014-07-30 07:59 - 2014-07-30 07:58 - 00000000 ____D () C:\.fseventsd

2014-07-30 07:52 - 2014-07-30 07:52 - 02093568 _____ (Farbar) C:\Users\Jacob\Desktop\FRST64.exe

2014-07-30 07:52 - 2014-07-30 07:52 - 00004096 _____ () C:\Users\Jacob\Desktop\._FRST64.exe

2014-07-28 22:20 - 2014-07-28 22:20 - 00006148 _____ () C:\Users\Jacob\Desktop\.DS_Store

2014-07-28 22:20 - 2014-07-28 22:20 - 00004096 _____ () C:\Users\Jacob\Desktop\._.DS_Store

2014-07-28 22:20 - 2014-07-28 00:53 - 00015364 _____ () C:\Users\.DS_Store

2014-07-28 22:20 - 2014-07-28 00:53 - 00012292 _____ () C:\Users\Jacob\.DS_Store

2014-07-28 22:20 - 2014-07-28 00:52 - 00015364 _____ () C:\.DS_Store

2014-07-28 22:20 - 2013-02-25 05:26 - 00000000 ___RD () C:\Users\Jacob\Desktop\Desktop Stuff

2014-07-28 22:20 - 2012-07-22 23:35 - 00000000 __SHD () C:\Recovery

2014-07-28 00:54 - 2014-07-28 00:53 - 00006148 _____ () C:\ProgramData\.DS_Store

2014-07-28 00:54 - 2013-09-15 00:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-28 00:53 - 2014-07-28 00:53 - 00004096 _____ () C:\Users\Jacob\._.DS_Store

2014-07-28 00:53 - 2014-07-28 00:53 - 00004096 _____ () C:\Users\._.DS_Store

2014-07-28 00:53 - 2014-07-28 00:53 - 00004096 _____ () C:\ProgramData\._.DS_Store

2014-07-28 00:53 - 2012-07-22 23:35 - 00000000 ____D () C:\Users\Jacob

2014-07-28 00:52 - 2014-07-28 00:52 - 00004096 _____ () C:\._.DS_Store

2014-07-28 00:32 - 2012-07-23 06:30 - 01934951 _____ () C:\Windows\WindowsUpdate.log

2014-07-28 00:31 - 2012-11-29 10:46 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-27 19:15 - 2012-07-22 23:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Skype

2014-07-27 19:14 - 2009-07-13 22:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-27 19:14 - 2009-07-13 22:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-27 18:58 - 2014-07-27 18:58 - 00004096 _____ () C:\._.Trashes

2014-07-27 18:58 - 2014-07-27 18:58 - 00000000 ____D () C:\.Trashes

2014-07-27 17:48 - 2014-07-27 17:48 - 00000265 _____ () C:\Users\Jacob\Desktop\dasdfas.txt

2014-07-27 17:32 - 2014-07-24 00:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-27 17:31 - 2010-11-20 21:47 - 00398448 _____ () C:\Windows\PFRO.log

2014-07-27 08:31 - 2014-07-27 08:31 - 00000000 ____D () C:\Windows\system32\config\HiveBackup

2014-07-24 13:53 - 2013-10-17 17:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-07-24 13:53 - 2013-10-15 19:54 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Battle.net

2014-07-24 11:17 - 2014-01-07 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-24 00:37 - 2014-07-24 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-24 00:37 - 2014-07-24 00:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-24 00:37 - 2013-09-15 00:57 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Malwarebytes

2014-07-24 00:12 - 2014-07-24 00:12 - 00002526 _____ () C:\Users\Jacob\Desktop\Windows 7 USB DVD Download Tool.lnk

2014-07-24 00:12 - 2014-07-24 00:12 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

2014-07-24 00:12 - 2014-07-24 00:12 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2014-07-23 23:34 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-23 23:14 - 2012-07-23 00:00 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-07-23 22:49 - 2014-05-18 11:41 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios

2014-07-23 22:49 - 2012-07-23 22:32 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios

2014-07-23 22:49 - 2012-07-22 23:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-23 22:47 - 2013-10-01 19:21 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

2014-07-23 01:41 - 2014-05-22 17:37 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

2014-07-20 12:37 - 2012-07-23 00:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-07-16 21:10 - 2014-07-16 21:10 - 00000000 ____D () C:\ProgramData\Riot Games

2014-07-14 16:50 - 2013-08-02 04:50 - 00000839 _____ () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-07-14 16:42 - 2014-02-12 05:10 - 00000000 ___RD () C:\Users\Jacob\Dropbox

2014-07-14 16:42 - 2014-02-12 05:03 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\DropboxMaster

2014-07-14 16:42 - 2014-02-12 05:00 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Dropbox

2014-07-11 02:56 - 2014-07-11 02:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Unity

2014-07-11 02:54 - 2014-07-11 02:54 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Unity

2014-07-10 22:39 - 2012-07-22 23:52 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Deployment

2014-07-09 01:29 - 2014-07-09 01:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-07 22:20 - 2014-07-07 22:20 - 00000000 ____D () C:\Users\Jacob\dwhelper

2014-07-02 20:59 - 2014-07-02 20:56 - 00000000 ____D () C:\Program Files (x86)\RaidCall

2014-07-02 20:58 - 2014-06-23 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64

2014-07-02 20:56 - 2014-07-02 20:56 - 00001039 _____ () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk

2014-07-02 20:56 - 2014-07-02 20:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\raidcall

2014-07-02 20:56 - 2014-07-02 20:56 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall

2014-07-02 20:56 - 2014-07-02 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall

2014-07-01 19:00 - 2014-07-01 19:00 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\SpaceEngineers

 

Files to move or delete:

====================

C:\ProgramData\hash.dat

C:\ProgramData\uninstaller.exe

 

 

Some content of TEMP:

====================

C:\Users\Jacob\AppData\Local\Temp\AcDeltree.exe

C:\Users\Jacob\AppData\Local\Temp\Activemail21461.exe

C:\Users\Jacob\AppData\Local\Temp\Activemail28901.exe

C:\Users\Jacob\AppData\Local\Temp\Activemail4308.exe

C:\Users\Jacob\AppData\Local\Temp\ActiveMailComServer.exe

C:\Users\Jacob\AppData\Local\Temp\BRSVC_750006521_hlp.exe

C:\Users\Jacob\AppData\Local\Temp\certutil.exe

C:\Users\Jacob\AppData\Local\Temp\crt4B16.tmp.exe

C:\Users\Jacob\AppData\Local\Temp\drm_dyndata_7400005.dll

C:\Users\Jacob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppdpoft.dll

C:\Users\Jacob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqof5.dll

C:\Users\Jacob\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

C:\Users\Jacob\AppData\Local\Temp\gtalkwmp1.dll

C:\Users\Jacob\AppData\Local\Temp\Gw2.exe

C:\Users\Jacob\AppData\Local\Temp\hcuninstaller_20130324_235158_14468.exe

C:\Users\Jacob\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe

C:\Users\Jacob\AppData\Local\Temp\HiRezLauncherControls.dll

C:\Users\Jacob\AppData\Local\Temp\HPInstaller.exe

C:\Users\Jacob\AppData\Local\Temp\ICReinstall_mozilla-firefox-toDownload.exe

C:\Users\Jacob\AppData\Local\Temp\ICReinstall_WECPSetup.exe

C:\Users\Jacob\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Jacob\AppData\Local\Temp\msvcr71.dll

C:\Users\Jacob\AppData\Local\Temp\nspr4.dll

C:\Users\Jacob\AppData\Local\Temp\nss3.dll

C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Jacob\AppData\Local\Temp\nvStereoApiI64.dll

C:\Users\Jacob\AppData\Local\Temp\nvStInst.exe

C:\Users\Jacob\AppData\Local\Temp\plc4.dll

C:\Users\Jacob\AppData\Local\Temp\plds4.dll

C:\Users\Jacob\AppData\Local\Temp\riftuninstall.exe

C:\Users\Jacob\AppData\Local\Temp\Setup64.exe

C:\Users\Jacob\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Jacob\AppData\Local\Temp\smime3.dll

C:\Users\Jacob\AppData\Local\Temp\softokn3.dll

C:\Users\Jacob\AppData\Local\Temp\SRLDetectionLibrary8222817698689782986.dll

C:\Users\Jacob\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Jacob\AppData\Local\Temp\swt-win32-3740.dll

C:\Users\Jacob\AppData\Local\Temp\tbuTo0.dll

C:\Users\Jacob\AppData\Local\Temp\tmp511.exe

C:\Users\Jacob\AppData\Local\Temp\tmpAAD.exe

C:\Users\Jacob\AppData\Local\Temp\tmpDC99.exe

C:\Users\Jacob\AppData\Local\Temp\tmpF190.exe

C:\Users\Jacob\AppData\Local\Temp\Uninstall.exe

C:\Users\Jacob\AppData\Local\Temp\Uninstaller-3244.exe

C:\Users\Jacob\AppData\Local\Temp\Uninstaller-3544.exe

C:\Users\Jacob\AppData\Local\Temp\Uninstaller-5480.exe

C:\Users\Jacob\AppData\Local\Temp\utt129A.tmp.exe

C:\Users\Jacob\AppData\Local\Temp\utt3C63.tmp.exe

C:\Users\Jacob\AppData\Local\Temp\utt5BE8.tmp.exe

C:\Users\Jacob\AppData\Local\Temp\vlc-2.0.6-win32.exe

C:\Users\Jacob\AppData\Local\Temp\vlc-2.0.7-win32.exe

C:\Users\Jacob\AppData\Local\Temp\vlc-2.0.8-win32.exe

C:\Users\Jacob\AppData\Local\Temp\vrayuninst.dll

C:\Users\Jacob\AppData\Local\Temp\xmlUpdater.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-18 00:01

 

==================== End Of Log ============================

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.