Computer Won't Boot In Normal Mode [Closed]


  • This topic is locked

#1
PhantasmSTG

    New Member

  • Member
  • 6 posts

My PC decided to stop working properly one day. The computer takes me to the "Starting Windows" screen and the logo appears, then after about 5 to 7 minutes of sitting, it'll restart. Upon the restart it'll then read that the HDD wasn't detected by asking to insert a boot device. I've tried to reseat things, I've tried letting the battery discharge for 2 minutes or so, but still nothing. I've tried using a different HDD and still the same problem. I can, however, start my computer using Safe Mode. I'm unsure what the problem may be. Any help will be welcomed and appreciated. Thank you.


  • 0


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello PhantasmSTG,

Welcome to G2G.

I guess you will have to do this one in Safe Mode. :)

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


  • 0

#3
PhantasmSTG

    New Member

  • Topic Starter
  • Member
  • 6 posts

Alright, got your program and followed the instructions.
This is the FRST.txt file

http://puu.sh/7WsBb.txt
And here is the Addition.txt file.
http://puu.sh/7WsFu.txt

My apologies for the delay on my response.


  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello PhantasmSTG,

Firstly, in future, unless otherwise instructed, please copy and paste your replies in the thread. It makes it easier to analyze. Also, this is a teaching site, and it is easier for the students. :)

Now

You appear to have multiple security programs running.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please uninstall either of:

Avast

or

Microsoft Security Essentials

I recommend, for this exercise at least, that you uninstall Avast. It did have an issue with a Windows update a while ago, and I think for now the better option would be to keep Microsoft Security Essentials. You can always reinstall Avast later. If you do, though, make sure you uninstall MSE.

And

Please uninstall

Comodo

It can get in the way of the tools we are using. MSE works well with Windows' own firewall, so you will still have firewall protection.

After that

Please download zoek.exe and save it to your desktop (Firefox users: right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your antivirus program (if necessary).
  • Double click zoek.zip.
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Copy the text below and paste it into the large window in the zoek tool:

StandardSearch;
FFDefaults;
CHRDefaults;
emptyclsid;
EmptyAllTemp;
AutoClean;

  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log".

 


  • 0

#5
PhantasmSTG

    New Member

  • Topic Starter
  • Member
  • 6 posts

Following your instructions, here is what was produced.

 

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Sean on Mon 04/07/2014 at 20:37:35.26.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sean\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4/7/2014 8:40:12 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1692878950-4230530971-1470192091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-1692878950-4230530971-1470192091-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1692878950-4230530971-1470192091-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-1692878950-4230530971-1470192091-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\vVX3000.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\puush\puush.exe
C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Maxin Gaming Keyboard\Monitor.EXE
C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:

Added to C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...le Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.co...le Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...le Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.co...le Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140407_0847_.backup

ProfilePath: C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140407_0847_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox\user.js deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\prefs.js deleted
C:\PROGRA~2\ExpressFiles deleted
C:\PROGRA~2\PutLockerDownloader deleted
C:\PROGRA~2\OApps deleted
C:\PROGRA~2\Conduit deleted
C:\Users\Sean\AppData\Roaming\MPQEditor.ini deleted
C:\Users\Sean\AppData\Roaming\uninstall.bat deleted
C:\Users\Sean\AppData\Roaming\QwiklinxForChrome deleted
C:\Users\Sean\AppData\Roaming\GoforFiles deleted
C:\Users\Sean\AppData\Roaming\ExpressFiles deleted
C:\Users\Sean\AppData\Roaming\ParetoLogic deleted
C:\Users\Sean\AppData\Roaming\DriverCure deleted
C:\Users\Sean\AppData\Roaming\Babylon deleted
C:\Users\Sean\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\eSafe deleted
C:\PROGRA~3\StarApp deleted
C:\PROGRA~3\sAafei savE deleted
C:\PROGRA~3\ParetoLogic deleted
C:\PROGRA~3\SoftSafe deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\Premium deleted
C:\PROGRA~3\Babylon deleted
C:\PROGRA~3\WinterSoft deleted
C:\Users\Sean\AppData\Local\funmoods.crx deleted
C:\Users\Sean\AppData\Local\CRE deleted
C:\Users\Sean\AppData\Local\APN deleted
C:\Users\Sean\AppData\Local\jZip deleted
C:\Users\Sean\AppData\Local\eSupport.com deleted
C:\Users\Sean\AppData\Local\PutLockerDownloader deleted
C:\Users\Sean\AppData\Local\PackageAware deleted
C:\Users\Sean\AppData\Local\Conduit deleted
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx deleted
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com deleted
C:\Users\Sean\AppData\LocalLow\ElectroLyrics-16 deleted
C:\Users\Sean\AppData\LocalLow\Delta deleted
C:\Users\Sean\AppData\LocalLow\Conduit deleted
C:\windows\SysNative\Tasks\Express FilesUpdate deleted
C:\windows\SysNative\Tasks\GoforFilesUpdate deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected] deleted
C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected] deleted
"C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6125 MB
CPU Info: Intel® Core™ i3-2120 CPU @ 3.30GHz
CPU Speed: 3292.2 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce GT 630 | NVIDIA GeForce GT 630 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek PCIe GBE Family Controller | 802.11n Wireless LAN Card
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH70N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 917.4GB | Q: 0.0MB
Hard Disks - Free: C: 580.0GB | Q: 0.0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 10/31/11 | ACRSYS - 1072009
Time Zone: Pacific Standard Time
Motherboard *: Gateway IPISB-VR
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome    33.0.1750.154
Internet Explorer Version: 11.0.9600.16521
Google Chrome version: 33.0.1750.154
Adobe Reader version: 10.1.9.22
Sun Java version: 1.7.0_51 (32-bit)
Sun Java version: 1.7.0_21 (64-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-03-16 10:55:53    9FFBB8A29E2DCC69A6DC5B034C7C7654    2155    ----a-w-    C:\Windows\epplauncher.mif
2014-03-15 02:11:02    D1E75542EC8D1B4851765A57AC63618E    1908    ----a-w-    C:\Windows\diagwrn.xml
2014-03-15 02:11:02    D1E75542EC8D1B4851765A57AC63618E    1908    ----a-w-    C:\Windows\diagerr.xml
====== C:\Users\Sean\AppData\Local\Temp ====
2014-04-08 01:22:46    FE447D1CD38CECAC2331FA932078D9A0    271360    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\SmiProvider.dll
2014-04-08 01:22:46    FC2DB5842190C6E78A40CD7DA483B27C    435712    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\DmiProvider.dll
2014-04-08 01:22:46    FC00A05639494779002682A9B965EF9C    471040    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\WimProvider.dll
2014-04-08 01:22:46    F2B0771A7CD27F20689E0AB787B7EB7C    289792    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\DismCore.dll
2014-04-08 01:22:46    EFCB002ABC3529D71B61E6FB6434566C    762368    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\CbsProvider.dll
2014-04-08 01:22:46    E7CAED467F80B29F4E63BA493614DBB1    127488    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\OSProvider.dll
2014-04-08 01:22:46    C9D74156913061BE6C51D8FC3ACF8E93    53760    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\FolderProvider.dll
2014-04-08 01:22:46    BBB9E4FA2561F6A6E5CCF25DA069AC1B    313344    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\IntlProvider.dll
2014-04-08 01:22:46    9A821D8D62F4C60232B856E98CBA7E4F    96768    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\DismHost.exe
2014-04-08 01:22:46    8D3855B133E21143E8B4BFADB9FB14A3    302080    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\UnattendProvider.dll
2014-04-08 01:22:46    8CA117CB9338C0351236939717CB7084    186368    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\DismProv.dll
2014-04-08 01:22:46    7B38D7916A7CD058C16A0A6CA5077901    271360    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\wdscore.dll
2014-04-08 01:22:46    739968678548BA15F6B9372E8760C012    444416    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\TransmogProvider.dll
2014-04-08 01:22:46    6A4BD682396F29FD7DF5AB389509B950    183296    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\CompatProvider.dll
2014-04-08 01:22:46    5488E381238FF19687FDD7AB2F44CFCC    111616    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\DismCorePS.dll
2014-04-08 01:22:46    45FF4FA5CA5432BFCCDED4433FE2A85B    216576    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\MsiProvider.dll
2014-04-04 12:09:42    21DCEE5DCA68CB20014A9536F2FCDC5B    1007464    ----a-w-    C:\Users\Sean\AppData\Local\Temp\com.nvidia\NVIDIA GPU_Reader\1.3.3\GPU_Reader.dll
====== Java Cache =====
2014-04-04 12:09:26    1CCD10632B6AB237083FABA132F8536C    100    ----a-w-    C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1d58b207-6.0.lap
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-03-22 10:26:56    757ACE4D4C9FF0571F86AA5D586B45E8    12708128    ----a-w-    C:\Windows\Sysnative\drivers\nvlddmkm.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-26 22:25:32    --------    d-----w-    C:\Program Files\WinZip
======= C:\PROGRA~2 =====
2014-04-06 00:09:51    --------    d-----w-    C:\PROGRA~2\Cockatrice
2014-04-02 10:38:49    --------    d-----w-    C:\PROGRA~2\COMMON~1\Skype
2014-04-02 10:38:48    --------    d-----r-    C:\PROGRA~2\Skype
2014-03-21 21:16:22    --------    d-----w-    C:\PROGRA~2\Maxin Gaming Keyboard
======= C: =====
====== C:\Users\Sean\AppData\Roaming ======
2014-04-07 16:07:00    --------    d-----w-    C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dotDev Studio
2014-04-07 06:29:50    1103B65CB02AC0C46C312D1BDED8808F    11965    ----a-w-    C:\Users\Sean\AppData\Local\recently-used.xbel
2014-04-06 00:15:06    --------    d-----w-    C:\Users\Sean\AppData\Local\Cockatrice
2014-04-06 00:14:50    --------    d-----w-    C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cockatrice
2014-04-02 10:38:58    --------    d-----w-    C:\Users\Sean\AppData\Local\Skype
2014-04-01 10:11:51    --------    d-----w-    C:\Users\Sean\AppData\Local\SWTOR
2014-03-26 22:26:40    --------    d-----w-    C:\Users\Sean\AppData\Local\WinZip
2014-03-10 06:27:54    --------    d-----w-    C:\Users\Sean\AppData\Roaming\SYSTEMAX Software Development
====== C:\Users\Sean ======
2014-04-06 00:14:50    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cockatrice
2014-04-02 10:38:50    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-03-26 22:25:41    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-03-26 22:25:33    --------    d-----w-    C:\ProgramData\WinZip
2014-03-21 21:16:29    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxin Gaming Keyboard
2014-03-10 06:27:54    --------    d-----w-    C:\ProgramData\SYSTEMAX Software Development

====== C: exe-files ==
2014-04-08 03:37:38    E3ED9390D26F22AE4E211F8A8E6DF840    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1692878950-4230530971-1470192091-1000\$IRINZGG.exe
2014-04-08 03:37:38    9DC2816027169FA5083E0181EFCFD18A    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1692878950-4230530971-1470192091-1000\$I7OQ0HK.exe
2014-04-08 03:37:37    E2E43E5819E95BA69B068AD8020DE2D7    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1692878950-4230530971-1470192091-1000\$I06GIFH.exe
2014-04-08 01:22:46    9A821D8D62F4C60232B856E98CBA7E4F    96768    ----a-w-    C:\Users\Sean\AppData\Local\Temp\B82C780A-AFC7-4CA6-9310-03D03749F792\DismHost.exe
2014-04-07 18:38:37    F397AEF3CBD1C1693365C14769F093E1    118448    ----a-w-    C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
2014-04-07 18:38:28    40888BA39268D5DFD404AB09703565D8    35985048    ----a-w-    C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
2014-04-07 16:07:00    13D145ECEF6FC75DE2BEA54BD035E5A9    2504192    ------w-    C:\Users\Sean\AppData\Local\Apps\2.0\DZX8WAZQ.XPT\D6DLTPV4.HDK\soku..tion_0000000000000000_0000.0007_889aba714cbd09f5\SokuLobby.exe
2014-04-07 16:06:58    8E78E646AD8A03B0E7F182526EE4D8C8    224768    ----a-w-    C:\Users\Sean\AppData\Local\Apps\2.0\DZX8WAZQ.XPT\D6DLTPV4.HDK\soku...exe_0000000000000000_0000.0007_none_4984ae2a04f9aabd\SokuRoll\SokuRollLoader.exe
2014-04-07 16:06:58    8E78E646AD8A03B0E7F182526EE4D8C8    224768    ------w-    C:\Users\Sean\AppData\Local\Apps\2.0\DZX8WAZQ.XPT\D6DLTPV4.HDK\soku..tion_0000000000000000_0000.0007_889aba714cbd09f5\SokuRoll\SokuRollLoader.exe
2014-04-07 16:05:25    EDAA720524AE24E0964BC19D24003118    428544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1692878950-4230530971-1470192091-1000\$R7OQ0HK.exe
2014-04-06 00:09:53    2A38BD636BB426926A089CC2C10FBEB6    91441    ----a-w-    C:\Program Files (x86)\Cockatrice\uninstall.exe
2014-04-04 16:04:15    6655936E40C43120145A11547734F01F    2157056    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1692878950-4230530971-1470192091-1000\$RRINZGG.exe
2014-04-04 09:13:58    0A0D5A3AA1A5CBC27EBE0A985B9DB900    3443872    ----a-w-    C:\Users\Sean\AppData\Local\NVIDIA\NvBackend\Packages\000059bd\DAO.18192802.exe
2014-04-03 17:43:44    E093151047BBFFC0CD78D52F36490206    51080    ----atw-    C:\Users\Sean\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe
2014-04-03 17:43:44    398F40FAE5ADA9521544393F1F67A17E    51080    ----atw-    C:\Users\Sean\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateBroker.exe
2014-04-03 17:43:44    039DE3F65C7992994F788EAC8E79BF4F    884504    ----a-w-    C:\Users\Sean\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateSetup.exe
2014-04-03 17:43:39    7E6B107120108B3A15BFECE0DE3201DB    228744    ----atw-    C:\Users\Sean\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler.exe
2014-04-03 17:43:39    6EFC5F64258FE0D9DA3CCFA7FF4D84BD    114568    ----atw-    C:\Users\Sean\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateComRegisterShell64.exe
2014-04-03 17:43:39    506708142BC63DABA64F2D3AD1DCD5BF    116648    ----atw-    C:\Users\Sean\AppData\Local\Google\Update\1.3.23.9\GoogleUpdate.exe
2014-04-03 17:43:39    0D5CE0E5AEC3ACC7930AB955334B8533    281480    ----atw-    C:\Users\Sean\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
2014-04-03 17:43:35    039DE3F65C7992994F788EAC8E79BF4F    884504    ----a-w-    C:\Users\Sean\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.23.9\GoogleUpdateSetup.exe
2014-04-03 02:38:23    5C5C17F9BC730B0B1111BF2A001E68E5    10380912    ----a-w-    C:\Users\Sean\AppData\Local\Akamai\installer_no_upload_silent.exe
2014-04-02 07:43:50    4C67B0A9D9D17BF19ED4A3724D1D4628    3428656    ----a-w-    C:\Users\Sean\AppData\Local\NVIDIA\NvBackend\Packages\000059a4\DAO.18179243.exe
=== C: other files ==
2014-04-08 03:37:37    654BBDEB16D58ECC0303E679FB587B13    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1692878950-4230530971-1470192091-1000\$IEADRWW.zip
2014-04-07 21:45:23    675944F1D2158160B13823436AB3C24C    20656513    ----a-w-    C:\Users\Sean\Documents\FINALFANTASYXIVARealmReborn_Temp\FINALFANTASYXIVARealmReborn.zip
2014-04-06 00:08:27    7E2864942022546BCE7D225DA6BD6CE9    13825856    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1692878950-4230530971-1470192091-1000\$READRWW.zip
2014-04-04 16:30:50    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\Sean\AppData\Local\Temp\{708391FF-53DE-4520-B6F6-03FD078FC0AC}.bat
2014-04-04 16:20:45    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\Sean\AppData\Local\Temp\{7F78BBB6-EBEE-4FDD-B606-43ADEE49EF70}.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1692878950-4230530971-1470192091-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"puush"="C:\Program Files (x86)\puush\puush.exe"
"Driver Detective"="C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false"
"Akamai NetSession Interface"="C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"LifeCam"="C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"RazerGameBooster"="C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Dare-U Keyboard"="C:\Program Files (x86)\Maxin Gaming Keyboard\Monitor.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"puush"="C:\Program Files (x86)\puush\puush.exe"
"Driver Detective"="C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false"
"Akamai NetSession Interface"="C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="C:\Windows\vVX3000.exe"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bionix Wallpaper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Bionix Wallpaper"
"hkey"="HKCU"
"command"="\"C:\\BioniX Wallpaper\\Bionix Wallpaper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotkey Utility]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hotkey Utility"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Gateway\\Hotkey Utility\\HotkeyUtility.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Paint.NET Updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Paint.NET Updater"
"hkey"="HKCU"
"command"="C:\\Users\\Sean\\AppData\\Local\\Paint.NET Updater\\paintnetupdater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC_GIZMOS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC_GIZMOS"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sean\\AppData\\Roaming\\PC-Gizmos\\PC_136519.en_76.exe\" --update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM.EXE"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PowerISO\\PWRISOVM.EXE -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl10"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD10\\PDVD10Serv.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_ROC_NT]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ROC_ROC_NT"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AVG Secure Search\\ROC_ROC_NT.exe\" / /PROMPT /CMPID=ROC_NT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ROC_roc_ssl_v12"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AVG Secure Search\\ROC_roc_ssl_v12.exe\" / /PROMPT /CMPID=roc_ssl_v12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\MCAFEE~1\\21FF9D~1.121\\SSSCHE~1.EXE "
"item"="McAfee Security Scan Plus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Sean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
"path"="C:\\Users\\Sean\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CurseClientStartup.ccip"
"backup"="C:\\Windows\\pss\\CurseClientStartup.ccip.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Sean\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CurseClientStartup.ccip"
"item"="CurseClientStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Sean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameStop Now.lnk]
"path"="C:\\Users\\Sean\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GameStop Now.lnk"
"backup"="C:\\Windows\\pss\\GameStop Now.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\GAMEST~1\\Now\\GAMEST~1.EXE "
"item"="GameStop Now"


==== Startup Folders ======================

2013-05-02 14:12:58    0    ----a-w-    C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
2013-06-07 14:40:04    3501    ----a-w-    C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsk-e.exe - Shortcut.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [03/11/2014 12:21 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1692878950-4230530971-1470192091-1000Core.job --a------ C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [06/05/2012 06:18 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1692878950-4230530971-1470192091-1000UA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\SysNative\tasks\Driver Detective-RTMRules" [C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe]
"C:\Windows\SysNative\tasks\Driver Detective-RTMScan" [C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe]
"C:\Windows\SysNative\tasks\Driver Detective-RTMUpdater" [C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1692878950-4230530971-1470192091-1000Core" [C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1692878950-4230530971-1470192091-1000UA" [C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\LAUNCH CDPCO" [C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe]
"C:\Windows\SysNative\tasks\NBAgent" [C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe]
"C:\Windows\SysNative\tasks\UALU notificatin" ["C:\Program Files\Gateway\Gateway Updater\UALU.exe"]
"C:\Windows\SysNative\tasks\{0F2D45F8-4F2C-4181-BCF4-2FB0ACE62511}" ["c:\users\sean\appdata\local\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{191389DA-6365-4BA9-9D6E-404C86ACF7E3}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{1E98B8DC-7D0A-49D3-8788-775AA02AD021}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{2C3497D5-CDEE-4C23-87B4-8F9773D97C61}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{3B55EF8A-F69F-49E7-910F-B2A2AC5BC7BD}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{496FAFEA-E487-4431-86DB-2FD227049AE8}" ["c:\users\sean\appdata\local\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{5A4A816F-14F7-4903-9BFF-36EDEAC843AD}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{62C33ED9-6308-4610-8A2C-ACCD056C3DB7}" ["c:\users\sean\appdata\local\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{6B72AC9B-AF4E-42A0-B309-6CEBCC31A9BB}" ["c:\users\sean\appdata\local\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{72FA46D5-9C46-4D0B-BEAE-42ECE664A644}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{A9EA3657-85A9-4C39-ADF8-4F51C046DE7F}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{C2B41C5D-AF57-4255-9FFB-84638521753C}" ["c:\users\sean\appdata\local\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{D6D5C095-7F5C-4D2B-A7BC-17834EC54721}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{DC589C34-B29A-4A52-9B83-477132B19508}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{DFFD3BBC-B20E-4AFE-BCEF-CB7149ED48D0}" ["c:\users\sean\appdata\local\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{E1BB5815-3C31-4E4A-BF33-99A02A56BE6A}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\{EA5222CD-B853-4232-9093-261CDA74143C}" [C:\Users\Sean\Desktop\src\tsk.exe]
"C:\Windows\SysNative\tasks\{EED52C4C-768F-4952-99EE-916F1D4ABB3F}" [C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dnnajmlhehgnkclpdlggknanmcplloej - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx[]
ejpbbhjlbipncjklfjjaedaieimbmdda - C:\Users\Sean\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx[]
fdloijijlkoblmigdofommgnheckmaki - C:\Users\Sean\AppData\Local\funmoods.crx[]
gpicboiclhmnllnjdcfcffifpoaebgkm - C:\Program Files (x86)\Freecorder extension\Freecorder.crx[]
ifohbjbgfchkkfhphahclmkpgejiplfo - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx[]
iigplimlmgilpobjilfbfeilnpiigpgl - C:\Users\Sean\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx[]
jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files (x86)\TornTV.com\torn11.crx[]
kincjchfokkeneeofpeefomkikfkiedl - C:\Program Files (x86)\OApps\chromeaddon.crx[]
plmlpkfpkijnlijgalnjaacllnjmoamo - C:\Users\Sean\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx[]
pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ejpbbhjlbipncjklfjjaedaieimbmdda - C:\Users\Sean\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx[]
fdloijijlkoblmigdofommgnheckmaki - C:\Users\Sean\AppData\Local\funmoods.crx[]
iigplimlmgilpobjilfbfeilnpiigpgl - C:\Users\Sean\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx[]
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Sean\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[09/14/2012 08:59 PM]
plmlpkfpkijnlijgalnjaacllnjmoamo - C:\Users\Sean\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx[]

Extended Protection - Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Last updated at time on date - Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Wallet - Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.dailymotion.com/"
"Default_Page_URL"="http://www.dosearche...&ts=1384048694"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://search.dosear...={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.dosear...={searchTerms}"
"Default_Page_URL"="http://www.dosearche...&ts=1384048694"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.dosear...={searchTerms}"
"Default_Page_URL"="http://www.dosearche...&ts=1384048694"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/...={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/...={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/...={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snap.do/...={searchTerms}"
"SearchAssistant"="http://feed.snap.do/...={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://www.dailymotion.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://go.microsoft..../?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://go.microsoft..../?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"SearchAssistant"="http://ie.search.msn...t/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/...ox&FORM=IE8SRC"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.co...tputEncoding?}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.co...ge={startPage}"

==== Reset Google Chrome ======================

C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{30E68794-E1AE-9C90-4725-CE7C8616A4FE} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0460E3D6-6AA8-4841-F3A9-C354D25396CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0677B084-388F-E420-E882-4338AA0D75B0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18DB2F67-F938-A844-7E22-EFA813D6CAE1} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC4AB44A-E905-F6A0-7705-FC939C361F00} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F31E796E-ECB2-AA74-3367-E71C396288D5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dnnajmlhehgnkclpdlggknanmcplloej deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vfd-adk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bionix Wallpaper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Paint.NET Updater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC_GIZMOS deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_NT deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_ssl_v12 deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RazerGameBooster] C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Dare-U Keyboard] "C:\Program Files (x86)\Maxin Gaming Keyboard\Monitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O4 - HKCU\..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: tsk-e.exe - Shortcut.lnk = C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sean\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABEDF9F8-CD0F-49B8-82E7-D30F9C844DA5}: NameServer = 209.18.47.61,209.18.47.62
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: US Tech Support Scheduling Service (USTSScheduler) - US Tech Support LLC - C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Sean\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7P0O1ZDK will be deleted at reboot
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\85J6WJAO will be deleted at reboot
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WWPDRZ7 will be deleted at reboot
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7ZHHY7U will be deleted at reboot
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOLATF4L will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=155 folders=144 33747198 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\hedev\AppData\Local\Temp emptied successfully
C:\Users\Sean\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Sean\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7P0O1ZDK" not found
"C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\85J6WJAO" not found
"C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WWPDRZ7" not found
"C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7ZHHY7U" not found
"C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOLATF4L" not found
"C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KXK8Q4EJ\www.katestube.com" not found
"C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KXK8Q4EJ\www.wankoz.com" not found

==== EOF on Mon 04/07/2014 at 20:56:05.30 ======================
 
 
 
(Am I supposed to be able to drag the file over to this field and it'll paste on its own? Or did I do it right this time?)


#6
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello PhantasmSTG,

 

Or did I do it right this time?)

 

It worked fine. Thank you. :)

 

Did your computer reboot after zoek finished? If not, please reboot your computer and then follow the next instruction.

 

Now

 

Please download Malwarebytes Anti-Malware Free from here.

  • Double click to install the programme
  • When the popup "Completing the Malwarebytes Anti-Malware Setup Wizard" appears, uncheck the box enable free trial of Malwarebytes Anti-Malware Premium




  • The MBAM console/dashboard will appear together with an alert to update - click the green button Update Now
  • When update is complete select Settings > Detection and Protection and check (tick) Scan for rootkits


Go back to the Dashboard and click on the green Scan Now button.




  • If threats are detected, click the Apply Actions button. MBAM may ask for a reboot. Let it do so.




  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop


Copy and paste the log back here.

 

 

 



#7
PhantasmSTG


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Alright, here is my report.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/14/2014
Scan Time: 4:17:42 PM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.14.08
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sean

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271896
Time Elapsed: 11 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 49

Registry Values: 7
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Funmoods Toolbar, , [5ea23ec25aa6c739a3710e3716ec1de3]
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [14ec13edb14f768aae668cb912f04ab6],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\DEFAULT TAB|Version, 2.0.6.0, , [02fec23edb25956b1e996b119c668977]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 11111111, , [09f7748ce51bbe42904c4050c63d659b]
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1692878950-4230530971-1470192091-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB|Version, 2.0.6.0, , [67998b7544bc57a9bbfde993ea188878]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1692878950-4230530971-1470192091-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R1R1L0E1Q, , [7c846c9406fafc0488667f10ce353cc4]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1692878950-4230530971-1470192091-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 11111111, , [9769b947748c40c0be1d4947a45f26da]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[79875fa1d9271ce46565081a2bd9cf31]

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Spigot.A, C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe, , [fa06f50bde22e11f29e8948be91819e7],
PUP.Optional.DomaIQ, C:\$RECYCLE.BIN\S-1-5-21-1692878950-4230530971-1470192091-1000\$RPW7G44.exe, , [fa06c040d030df213b13fc43c23e857b],

Physical Sectors: 0
(No malicious items detected)


(end)


#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello PhantasmSTG,

 

MBAM found quite a few foistware ones there, did you click Apply Actions to have Malwarebytes quarantine/remove them? If not please run the program again and this time click to Apply Actions and quarantine all the ones found.

 

After that

 

 

Please download ADWCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.


#9
PhantasmSTG

    New Member

  • Topic Starter
  • Member
  • 6 posts

Here is my recent report. (Again, sorry for the delay.)
 

# AdwCleaner v3.100 - Report created 20/04/2014 at 01:11:04
# Updated 20/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sean - PHANTASM
# Running from : C:\Users\Sean\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Users\Sean\AppData\Roaming\DVDVideoSoft
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
 
 
[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [23210 octets] - [30/10/2013 23:15:12]
AdwCleaner[R1].txt - [12959 octets] - [16/04/2014 22:59:00]
AdwCleaner[R2].txt - [13217 octets] - [20/04/2014 01:10:29]
AdwCleaner[S0].txt - [12311 octets] - [20/04/2014 01:11:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12372 octets] ##########

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello again PhantasmSTG,

 

We need to have a look at things to see where we are.

 

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#11
PhantasmSTG

    New Member

  • Topic Starter
  • Member
  • 6 posts

My report:

Here is the first log created after the scan. 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Sean (administrator) on PHANTASM on 21-04-2014 18:29:51
Running from C:\Users\Sean\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(US Tech Support LLC) C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\puush\puush.exe
(PC Drivers Headquarters) C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Maxin Gaming Keyboard\Monitor.EXE
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(dotDev Studio) C:\Users\Sean\AppData\Local\Apps\2.0\DZX8WAZQ.XPT\D6DLTPV4.HDK\soku..tion_0000000000000000_0000.0007_889aba714cbd09f5\SokuLobby.exe
(SQUARE ENIX CO., LTD.) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dare-U Keyboard] => C:\Program Files (x86)\Maxin Gaming Keyboard\Monitor.exe [475136 2013-05-22] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1692878950-4230530971-1470192091-1000\...\Run: [Google Update] => C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-05] (Google Inc.)
HKU\S-1-5-21-1692878950-4230530971-1470192091-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1692878950-4230530971-1470192091-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe
HKU\S-1-5-21-1692878950-4230530971-1470192091-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-10-21] ()
HKU\S-1-5-21-1692878950-4230530971-1470192091-1000\...\Run: [Driver Detective] => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [3988888 2013-09-19] (PC Drivers Headquarters)
HKU\S-1-5-21-1692878950-4230530971-1470192091-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1692878950-4230530971-1470192091-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1692878950-4230530971-1470192091-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-1692878950-4230530971-1470192091-1000\...\Policies\Explorer: [NoInstrumentation] 0
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsk-e.exe - Shortcut.lnk
ShortcutTarget: tsk-e.exe - Shortcut.lnk -> C:\Users\Sean\Documents\~Touhou Project~\Hisoutensoku\tsk-e.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailymotion.com/
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{ABEDF9F8-CD0F-49B8-82E7-D30F9C844DA5}: [NameServer]209.18.47.61,209.18.47.62
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sean\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sean\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: No Name - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\profiles\extensions\defaults [2013-11-09]
FF Extension: No Name - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2012-09-14]
 
Chrome: 
=======
CHR HomePage: hxxp://www.youtube.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]
CHR Extension: (Google Drive) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (YouTube) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Google Search) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (AdBlock) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-08]
CHR Extension: (Google Wallet) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Sean\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2014-04-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-10] (Razer, Inc.)
R2 USTSScheduler; C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [736648 2012-07-12] (US Tech Support LLC)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S3 MSCSPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [X]
S3 SPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15104 2012-10-15] (Headsoft)
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 sclbl; \??\C:\AeriaGames\ScarletBlade\avital\scarbt64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-21 18:29 - 2014-04-21 18:29 - 00016654 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-04-21 18:29 - 2014-04-21 18:29 - 00000000 ____D () C:\Users\Sean\Downloads\FRST-OlderVersion
2014-04-21 12:39 - 2014-04-21 18:29 - 02061312 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-04-21 12:26 - 2014-04-21 12:26 - 00014402 _____ () C:\Users\Sean\AppData\Local\recently-used.xbel
2014-04-20 01:09 - 2014-04-20 01:09 - 01308369 _____ () C:\Users\Sean\Downloads\AdwCleaner.exe
2014-04-18 15:13 - 2014-03-21 12:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-18 15:13 - 2014-03-21 12:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-15 13:16 - 2014-04-15 13:16 - 00003118 _____ () C:\Windows\System32\Tasks\{7D60BC81-E918-47F1-935E-A66DD4F863BC}
2014-04-15 13:15 - 2014-04-16 09:04 - 00000000 ____D () C:\Program Files (x86)\Bruteforce Save Data
2014-04-15 13:15 - 2014-04-15 13:16 - 00001064 _____ () C:\Users\Sean\Desktop\Bruteforce Save Data.lnk
2014-04-15 12:47 - 2014-04-15 12:47 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Wireshark
2014-04-15 12:36 - 2014-04-15 12:36 - 00000092 _____ () C:\Users\Sean\AppData\Local\fusioncache.dat
2014-04-15 00:39 - 2014-04-15 00:39 - 00000000 ____D () C:\Program Files (x86)\Wireshark
2014-04-15 00:38 - 2014-04-15 00:38 - 00000000 ____D () C:\Program Files (x86)\CF3B5
2014-04-15 00:36 - 2014-04-15 00:41 - 00000530 _____ () C:\Windows\DtcInstall.log
2014-04-14 16:17 - 2014-04-14 16:17 - 00009523 _____ () C:\Users\Sean\Downloads\Malwarebytes.txt
2014-04-14 16:04 - 2014-04-14 16:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 16:04 - 2014-04-14 16:04 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 16:04 - 2014-04-14 16:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 16:04 - 2014-04-14 16:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 16:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 16:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 16:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-08 10:35 - 2014-03-30 18:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 10:35 - 2014-03-30 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 10:35 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 10:35 - 2014-03-30 16:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 10:35 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 10:35 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 10:35 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 10:35 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 10:35 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 10:35 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 10:35 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 10:35 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 10:35 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 10:35 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 10:35 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 10:35 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 10:35 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 10:35 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 10:35 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 10:35 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 10:35 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 20:54 - 2014-04-07 20:37 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-07 20:40 - 2014-04-07 20:56 - 00059033 _____ () C:\zoek-results.log
2014-04-07 18:32 - 2014-04-21 17:47 - 00006505 _____ () C:\Windows\setupact.log
2014-04-07 18:32 - 2014-04-07 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 18:29 - 2014-04-07 20:52 - 00000000 ____D () C:\zoek_backup
2014-04-07 18:29 - 2014-04-07 18:29 - 01285120 _____ () C:\Users\Sean\Downloads\zoek.exe
2014-04-07 09:07 - 2014-04-07 09:07 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dotDev Studio
2014-04-05 22:02 - 2014-04-05 22:02 - 00000926 _____ () C:\Users\Sean\Desktop\cockatrice.exe - Shortcut.lnk
2014-04-05 17:15 - 2014-04-05 17:15 - 00000000 ____D () C:\Users\Sean\AppData\Local\Cockatrice
2014-04-05 17:14 - 2014-04-05 17:14 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cockatrice
2014-04-05 17:09 - 2014-04-06 20:36 - 00000000 ____D () C:\Program Files (x86)\Cockatrice
2014-04-04 09:05 - 2014-04-21 18:29 - 00000000 ____D () C:\FRST
2014-04-04 05:27 - 2014-04-04 17:23 - 01135030 _____ () C:\Users\Sysinfo.nfo
2014-04-02 22:30 - 2013-12-15 15:18 - 00024350 _____ () C:\Users\Brittany%20Bradley%20Resume.doc_0.odt
2014-04-02 03:38 - 2014-04-02 03:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-02 03:38 - 2014-04-02 03:38 - 00000000 ____D () C:\Users\Sean\AppData\Local\Skype
2014-04-01 09:02 - 2014-04-07 18:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-01 03:11 - 2014-04-01 03:11 - 00000000 ____D () C:\Users\Sean\AppData\Local\SWTOR
2014-03-26 15:26 - 2014-04-13 00:14 - 00000000 ____D () C:\Users\Sean\AppData\Local\WinZip
2014-03-26 15:25 - 2014-03-26 15:26 - 00000000 ____D () C:\ProgramData\WinZip
2014-03-26 15:25 - 2014-03-26 15:25 - 00000000 ____D () C:\Program Files\WinZip
2014-03-22 03:29 - 2014-03-04 04:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-22 03:26 - 2014-03-04 07:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-22 03:26 - 2014-03-04 07:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-22 03:26 - 2014-03-04 07:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-22 00:47 - 2014-03-22 00:47 - 00001986 _____ () C:\Users\Sean\Desktop\Maxin Gaming Keyboard Driver.lnk
 
==================== One Month Modified Files and Folders =======
 
2014-04-21 18:30 - 2014-04-21 18:29 - 00016654 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-04-21 18:29 - 2014-04-21 18:29 - 00000000 ____D () C:\Users\Sean\Downloads\FRST-OlderVersion
2014-04-21 18:29 - 2014-04-21 12:39 - 02061312 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-04-21 18:29 - 2014-04-04 09:05 - 00000000 ____D () C:\FRST
2014-04-21 18:22 - 2013-05-20 16:48 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Skype
2014-04-21 18:21 - 2012-07-09 09:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 17:54 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 17:54 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 17:51 - 2012-06-05 18:18 - 00000000 ____D () C:\Users\Sean\AppData\Local\Deployment
2014-04-21 17:50 - 2012-03-12 23:12 - 01439585 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 17:49 - 2013-07-11 19:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-21 17:48 - 2012-06-05 18:19 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1692878950-4230530971-1470192091-1000UA.job
2014-04-21 17:47 - 2014-04-07 18:32 - 00006505 _____ () C:\Windows\setupact.log
2014-04-21 17:47 - 2013-07-15 11:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-21 17:47 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 15:43 - 2012-08-11 01:21 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Audacity
2014-04-21 13:44 - 2012-12-31 05:14 - 00000000 ____D () C:\Users\Sean\AppData\Local\Paint.NET
2014-04-21 12:27 - 2013-07-14 21:34 - 00000000 ____D () C:\Users\Sean\.gimp-2.8
2014-04-21 12:26 - 2014-04-21 12:26 - 00014402 _____ () C:\Users\Sean\AppData\Local\recently-used.xbel
2014-04-21 10:48 - 2012-06-05 18:19 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1692878950-4230530971-1470192091-1000Core.job
2014-04-20 14:34 - 2012-12-15 18:14 - 00000000 ____D () C:\Users\Sean\Documents\osu!
2014-04-20 01:11 - 2013-10-30 23:15 - 00000000 ____D () C:\AdwCleaner
2014-04-20 01:09 - 2014-04-20 01:09 - 01308369 _____ () C:\Users\Sean\Downloads\AdwCleaner.exe
2014-04-20 01:07 - 2012-06-07 18:38 - 00000000 ____D () C:\Users\Sean\AppData\Local\CrashDumps
2014-04-18 15:13 - 2013-12-21 18:14 - 00000000 ____D () C:\Users\Sean\AppData\Local\NVIDIA Corporation
2014-04-18 15:13 - 2013-07-15 11:42 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-18 15:13 - 2013-07-15 11:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-16 09:29 - 2013-10-30 13:06 - 00000000 ____D () C:\Windows\Razer Core
2014-04-16 09:04 - 2014-04-15 13:15 - 00000000 ____D () C:\Program Files (x86)\Bruteforce Save Data
2014-04-16 09:04 - 2012-07-09 09:43 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-16 09:04 - 2012-07-09 09:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-16 09:04 - 2011-10-27 03:51 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 09:03 - 2012-06-05 17:50 - 00000000 ____D () C:\Users\Sean\AppData\Local\Adobe
2014-04-15 13:16 - 2014-04-15 13:16 - 00003118 _____ () C:\Windows\System32\Tasks\{7D60BC81-E918-47F1-935E-A66DD4F863BC}
2014-04-15 13:16 - 2014-04-15 13:15 - 00001064 _____ () C:\Users\Sean\Desktop\Bruteforce Save Data.lnk
2014-04-15 12:47 - 2014-04-15 12:47 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Wireshark
2014-04-15 12:36 - 2014-04-15 12:36 - 00000092 _____ () C:\Users\Sean\AppData\Local\fusioncache.dat
2014-04-15 09:08 - 2012-06-05 19:43 - 00000000 ____D () C:\New Folder1
2014-04-15 08:35 - 2009-07-13 22:13 - 00797180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 00:41 - 2014-04-15 00:36 - 00000530 _____ () C:\Windows\DtcInstall.log
2014-04-15 00:39 - 2014-04-15 00:39 - 00000000 ____D () C:\Program Files (x86)\Wireshark
2014-04-15 00:39 - 2012-12-05 00:43 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-04-15 00:38 - 2014-04-15 00:38 - 00000000 ____D () C:\Program Files (x86)\CF3B5
2014-04-15 00:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-04-15 00:36 - 2012-08-18 18:47 - 00813260 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-14 19:26 - 2013-07-14 21:37 - 00000000 ____D () C:\Users\Sean\AppData\Local\gtk-2.0
2014-04-14 19:15 - 2014-01-24 17:44 - 00048128 ___SH () C:\Users\Sean\Thumbs.db
2014-04-14 19:15 - 2012-06-05 17:50 - 00000000 ____D () C:\Users\Sean
2014-04-14 18:19 - 2013-10-21 14:55 - 00231936 ___SH () C:\Users\Sean\Documents\Thumbs.db
2014-04-14 16:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security
2014-04-14 16:17 - 2014-04-14 16:17 - 00009523 _____ () C:\Users\Sean\Downloads\Malwarebytes.txt
2014-04-14 16:05 - 2014-04-14 16:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 16:04 - 2014-04-14 16:04 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 16:04 - 2014-04-14 16:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 16:04 - 2014-04-14 16:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 05:09 - 2014-03-09 23:26 - 00000000 ____D () C:\Users\Sean\Documents\PaintToolSAI
2014-04-13 14:10 - 2013-09-01 05:31 - 00000000 ____D () C:\Program Files (x86)\MP3 My MP3 4.0
2014-04-13 00:14 - 2014-03-26 15:26 - 00000000 ____D () C:\Users\Sean\AppData\Local\WinZip
2014-04-12 03:14 - 2012-06-05 19:43 - 00000000 ____D () C:\Users\Sean\Documents\GIF Image
2014-04-11 12:49 - 2013-09-01 05:53 - 00009728 _____ () C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-10 18:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-10 15:54 - 2013-10-30 13:07 - 00129472 _____ (Razer, Inc.) C:\Windows\system32\Drivers\RzDxgk.sys
2014-04-10 15:54 - 2013-10-30 13:07 - 00074432 _____ (Razer, Inc.) C:\Windows\system32\Drivers\RzFilter.sys
2014-04-09 13:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 02:11 - 2013-10-06 18:42 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 02:11 - 2013-10-06 18:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-07 20:56 - 2014-04-07 20:40 - 00059033 _____ () C:\zoek-results.log
2014-04-07 20:55 - 2013-11-10 14:21 - 00563606 _____ () C:\Windows\PFRO.log
2014-04-07 20:52 - 2014-04-07 18:29 - 00000000 ____D () C:\zoek_backup
2014-04-07 20:47 - 2012-11-21 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-07 20:37 - 2014-04-07 20:54 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-07 18:32 - 2014-04-07 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 18:31 - 2014-04-01 09:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-07 18:29 - 2014-04-07 18:29 - 01285120 _____ () C:\Users\Sean\Downloads\zoek.exe
2014-04-07 18:27 - 2013-07-26 08:34 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\COMODO
2014-04-07 09:07 - 2014-04-07 09:07 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dotDev Studio
2014-04-06 20:36 - 2014-04-05 17:09 - 00000000 ____D () C:\Program Files (x86)\Cockatrice
2014-04-05 22:02 - 2014-04-05 22:02 - 00000926 _____ () C:\Users\Sean\Desktop\cockatrice.exe - Shortcut.lnk
2014-04-05 17:15 - 2014-04-05 17:15 - 00000000 ____D () C:\Users\Sean\AppData\Local\Cockatrice
2014-04-05 17:14 - 2014-04-05 17:14 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cockatrice
2014-04-04 17:23 - 2014-04-04 05:27 - 01135030 _____ () C:\Users\Sysinfo.nfo
2014-04-04 09:25 - 2012-12-05 02:24 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-04-04 09:24 - 2014-01-03 14:33 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-04-04 09:24 - 2012-12-05 02:24 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-03 10:43 - 2012-06-05 18:19 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692878950-4230530971-1470192091-1000UA
2014-04-03 10:43 - 2012-06-05 18:19 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692878950-4230530971-1470192091-1000Core
2014-04-03 09:51 - 2014-04-14 16:04 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 16:04 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 16:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:39 - 2014-01-03 22:02 - 00000000 ____D () C:\Users\Sean\AppData\Local\Akamai
2014-04-02 06:27 - 2013-12-21 18:12 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-02 06:27 - 2013-12-21 18:12 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-02 03:38 - 2014-04-02 03:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-02 03:38 - 2014-04-02 03:38 - 00000000 ____D () C:\Users\Sean\AppData\Local\Skype
2014-04-02 03:38 - 2011-10-27 03:42 - 00000000 ____D () C:\ProgramData\Skype
2014-04-01 05:55 - 2013-02-03 21:38 - 00000000 ____D () C:\Users\Sean\Documents\Hisoutensoku Plus
2014-04-01 03:11 - 2014-04-01 03:11 - 00000000 ____D () C:\Users\Sean\AppData\Local\SWTOR
2014-03-30 18:16 - 2014-04-08 10:35 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 18:13 - 2014-04-08 10:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 17:13 - 2014-04-08 10:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 16:57 - 2014-04-08 10:35 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 16:30 - 2014-03-16 03:55 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-03-29 16:30 - 2014-03-16 03:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-29 16:30 - 2014-03-16 03:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-26 18:15 - 2013-05-20 18:01 - 00000000 ____D () C:\Users\Sean\Documents\Sounds
2014-03-26 15:28 - 2012-06-05 17:57 - 00000000 ____D () C:\Windows\system32\ico (256)
2014-03-26 15:26 - 2014-03-26 15:25 - 00000000 ____D () C:\ProgramData\WinZip
2014-03-26 15:25 - 2014-03-26 15:25 - 00000000 ____D () C:\Program Files\WinZip
2014-03-22 00:47 - 2014-03-22 00:47 - 00001986 _____ () C:\Users\Sean\Desktop\Maxin Gaming Keyboard Driver.lnk
 
Files to move or delete:
====================
C:\Users\Sean\Windows_7_MouseFix_TextSize(DPI)=100%[email protected]
C:\Users\Sean\Windows_7_MouseFix_TextSize(DPI)=100%[email protected]
C:\Users\Sean\Windows_7_MouseFix_TextSize(DPI)=100%[email protected]
 
 
Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-19 00:48
 
==================== End Of Log ============================
 
 
Only problem is that it didn't create an additional log this time. Unless it's in a location that I haven't checked. The first log was made where I had FRST64 downloaded to. Does it go somewhere else?

  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

"The first log was made where I had FRST64 downloaded to."


Yes, that is where the log should appear. There is a copy at C:\FRST\Logs.
 

"Does it go somewhere else?"


That log only comes up the first time FRST is run. After that it has to be asked for. See Addition.txt box.

Now

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





