Help with Magnipic.exe/PrivitiseVPN infection


  • This topic is locked
26 replies to this topic

#16 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,351 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 August 2013 - 09:46 PM


Hello Cetadon



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
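Once FRST.txt is in hand, the first pass a helper makes over it is largely mechanical: find every line that points at a file on disk and check a few properties. The Python script below is an added example for this thread; it is not part of FRST and not the thread's own tooling. It parses the line formats FRST uses for Run keys, services, drivers, BHOs and browser plugins (a drive-letter path, an optional [size date], then either a (Publisher) or the words "No File") and flags the things that are worth a second look: references to files that no longer exist, binaries whose version information carries no company name (FRST prints "()"), executables living in user-writable directories, and per-user (HKCU/HKU) autoruns. The sample lines are modelled on the log posted later in this thread, except for the HKCU "Updater" entry, which is constructed to show what a hit with every flag set looks like. A flag is a place to look, not a verdict: legitimate software (Dashlane in AppData, PunkBuster with no publisher string) trips these heuristics too.

```python
"""Triage an FRST.txt log: pull every line that references a file on disk and
flag the properties a malware-removal helper checks first.

Added example for this thread; it is not part of FRST and not the thread's
own tooling. It only reads the text log FRST already produced."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in FRST's own line formats. All but one line are modelled
# on the log posted later in this thread; the HKCU 'Updater' entry is invented
# to show what a hit with every flag set looks like.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-12-24] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [CheckNDISPort_df] - C:\Program Files (x86)\Hostless Modem\CheckNDISPort_df.exe [440648 2012-07-10] ()
HKCU\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3541008 2012-12-15] (Tonec Inc.)
HKCU\...\Run: [Updater] - C:\Users\JP\AppData\Roaming\Updater\upd.exe [65536 2013-08-03] ()
BHO-x32: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\JP\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-13] ()
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File
"""


@dataclass
class Entry:
    raw: str                  # the FRST line as logged
    path: str                 # file the entry points at
    publisher: Optional[str]  # text inside FRST's trailing (...); '' when FRST printed '()'
    missing: bool             # FRST appended 'No File'
    flags: List[str] = field(default_factory=list)


# FRST ends a file reference with an optional ' [size yyyy-mm-dd]' and then either
# ' (Publisher)' or ' No File'. Paths contain spaces and '(x86)', so the path is
# matched lazily and the trailing fields decide where it ends. The publisher group
# allows one level of nested parentheses, e.g. '(Lenovo (Beijing) Limited)'.
PATH_RE = re.compile(
    r"(?<![A-Za-z0-9])(?P<path>[A-Za-z]:\\.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<pub>(?:[^()]|\([^()]*\))*)\)| (?P<nofile>No File))?"
    r"\s*$"
)

# Locations an ordinary user can write to: a classic home for droppers.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\", "\\downloads\\")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a line that references a file, else None."""
    line = line.strip()
    m = PATH_RE.search(line)
    if not m:
        return None
    pub = m.group("pub")
    return Entry(raw=line, path=m.group("path"),
                 publisher=pub.strip() if pub is not None else None,
                 missing=m.group("nofile") is not None)


def assess(entry: Entry) -> List[str]:
    """Heuristics only: each flag is a reason to look closer, not a verdict."""
    flags = []
    if entry.missing:
        flags.append("missing-file")        # dangling autorun: leftover, or a payload that hides/moves
    if entry.publisher == "":
        flags.append("no-publisher")        # FRST printed '()': no company name in the version info
    if any(tok in entry.path.lower() for tok in USER_WRITABLE):
        flags.append("user-writable-path")  # executable outside Program Files / System32
    if entry.raw.startswith(("HKCU", "HKU\\")):
        flags.append("user-autorun")        # per-user Run key: needs no admin rights to plant
    return flags


def triage(log_text: str) -> List[Entry]:
    """Flagged entries, most flags first; clean entries are dropped."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry.flags = assess(entry)
        if entry.flags:
            hits.append(entry)
    hits.sort(key=lambda e: len(e.flags), reverse=True)
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{', '.join(hit.flags):45} {hit.path}")
```

Run it against a real FRST.txt by passing the file's contents to `triage()`; the entry with the most flags is the one to research first. Lines FRST writes without a drive-letter path (for example an HKU Run value of "NA [x]") are skipped by this parser and still need a manual glance.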


#17 Cetadon

Cetadon
  • Topic Starter
  • Members
  • 13 posts

Posted 07 August 2013 - 09:53 PM

Hi Gringo,

 

Herewith the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013
Ran by JP (administrator) on 08-08-2013 11:50:13
Running from C:\Users\JP\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-12-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-12-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-12-24] (Lenovo)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKCU\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3541008 2012-12-15] (Tonec Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_D485D20C06BDCDEB626207281C5C94F7] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-25] (Google Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [CheckNDISPort_df] - C:\Program Files (x86)\Hostless Modem\CheckNDISPort_df.exe [440648 2012-07-10] ()
HKU\UpdatusUser\...\Run: [Power2GoExpress] - NA [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [192616 2011-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
ShortcutTarget: Samsung Auto Backup Guage.lnk -> C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
ShortcutTarget: Samsung Auto Backup Real-Time Daemon.lnk -> C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
ShortcutTarget: Samsung Auto Backup Scheduler.lnk -> C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\JP\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\JP\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.4.1
 
FireFox:
========
FF ProfilePath: C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\oelalzlp.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\JP\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\JP\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] C:\Users\JP\AppData\Roaming\Dashlane\2.1.3.40973\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: Dashlane - C:\Users\JP\AppData\Roaming\Dashlane\2.1.3.40973\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\JP\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\JP\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Zotero Connector) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc\4.0.8.2_0
CHR Extension: (AdBlock) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (rikaikun) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp\0.8.5_0
CHR Extension: (IDM Integration) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0
CHR Extension: (      "name": "Dashlane") - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.1.3.40973_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Bitdefender QuickScan) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0
CHR Extension: (Evernote Web Clipper) - C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.19_0
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-13] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-06-15] (DT Soft Ltd)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-08 11:49 - 2013-08-08 11:49 - 01790059 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2013-08-08 09:17 - 2013-08-08 09:17 - 00201728 _____ (OldTimer Tools) C:\Users\JP\Downloads\OTC.exe
2013-08-08 08:47 - 2013-08-08 09:07 - 00002920 _____ C:\windows\PFRO.log
2013-08-08 08:36 - 2013-08-08 11:30 - 00000336 _____ C:\windows\setupact.log
2013-08-08 08:36 - 2013-08-08 08:36 - 00000000 _____ C:\windows\setuperr.log
2013-08-07 14:45 - 2013-08-07 14:46 - 02347384 _____ (ESET) C:\Users\JP\Downloads\esetsmartinstaller_enu.exe
2013-08-07 12:57 - 2013-08-07 12:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\JP\Desktop\HijackThis.exe
2013-08-07 12:56 - 2013-08-07 12:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\JP\Downloads\HijackThis.exe
2013-08-07 12:55 - 2013-08-07 12:55 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-07 12:53 - 2013-08-07 12:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\JP\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-07 12:44 - 2013-08-07 12:44 - 00002766 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-08-07 12:44 - 2013-08-07 12:44 - 00000000 ____D C:\Program Files\CCleaner
2013-08-07 12:43 - 2013-08-07 12:44 - 04429440 _____ (Piriform Ltd) C:\Users\JP\Downloads\ccsetup404.exe
2013-08-07 12:42 - 2013-08-07 12:43 - 00000000 ____D C:\Users\JP\AppData\Roaming\Foxit Software
2013-08-07 12:42 - 2013-08-07 12:42 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-08-07 12:42 - 2013-06-09 21:59 - 00216064 _____ C:\windows\SysWOW64\gcapi_dll.dll
2013-08-07 12:41 - 2013-08-07 12:41 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-07 12:41 - 2013-08-07 12:40 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-08-07 12:41 - 2013-08-07 12:40 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-08-07 12:41 - 2013-08-07 12:40 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-08-07 12:39 - 2013-08-07 12:39 - 29966088 _____ (Foxit Corporation                                           ) C:\Users\JP\Downloads\FoxitReader606.0722_enu_Setup.exe
2013-08-07 12:39 - 2013-08-07 12:39 - 00903080 _____ (Oracle Corporation) C:\Users\JP\Downloads\chromeinstall-7u25.exe
2013-08-07 12:21 - 2013-08-07 12:21 - 00001268 _____ C:\Users\JP\Desktop\Revo Uninstaller.lnk
2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-07 12:18 - 2013-08-07 12:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JP\Downloads\revosetup.exe
2013-08-07 08:54 - 2013-08-07 08:54 - 00000000 ____D C:\ProgramData\LockHunter
2013-08-07 08:53 - 2013-08-07 08:54 - 01563024 _____ (Crystal Rich, Ltd                                           ) C:\Users\JP\Downloads\lockhuntersetup64_2-0-beta2.exe
2013-08-07 08:47 - 2013-08-07 08:47 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Downloads\JRT (1).exe
2013-08-07 08:40 - 2013-08-07 08:40 - 00000000 ____D C:\windows\ERUNT
2013-08-07 08:40 - 2013-08-07 08:39 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Desktop\JRT.exe
2013-08-07 08:39 - 2013-08-07 08:39 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Downloads\JRT.exe
2013-08-07 08:35 - 2013-08-07 08:36 - 00003315 _____ C:\AdwCleaner[S1].txt
2013-08-07 08:35 - 2013-08-07 08:34 - 00666633 _____ C:\Users\JP\Desktop\AdwCleaner.exe
2013-08-07 08:34 - 2013-08-07 08:34 - 00666633 _____ C:\Users\JP\Downloads\AdwCleaner.exe
2013-08-06 20:56 - 2013-08-08 08:46 - 00000000 ____D C:\windows\erdnt
2013-08-06 17:08 - 2013-08-07 16:23 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 17:08 - 2013-08-06 19:09 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 12:38 - 2013-08-06 14:26 - 00000000 ____D C:\Users\JP\AppData\Local\NPE
2013-08-06 12:38 - 2013-08-06 12:38 - 00000000 ____D C:\ProgramData\Norton
2013-08-06 11:19 - 2013-08-06 11:19 - 00000000 ____D C:\Program Files\Bitdefender
2013-08-06 11:18 - 2013-08-06 11:19 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-06 11:17 - 2013-08-06 11:18 - 00000000 ____D C:\Users\JP\AppData\Roaming\QuickScan
2013-08-05 22:00 - 2013-08-05 22:00 - 00000000 ____D C:\Users\JP\AppData\Roaming\TuneUp Software
2013-08-05 22:00 - 2013-08-05 22:00 - 00000000 ____D C:\Users\JP\AppData\Roaming\AVG2013
2013-08-05 21:58 - 2013-08-07 16:23 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-05 21:54 - 2013-08-07 01:51 - 00000000 ____D C:\ProgramData\MFAData
2013-08-05 21:54 - 2013-08-06 07:31 - 00000000 ____D C:\Users\JP\AppData\Local\Avg2013
2013-08-05 21:54 - 2013-08-05 21:54 - 00000000 ____D C:\Users\JP\AppData\Local\MFAData
2013-08-05 21:35 - 2013-08-05 21:35 - 00000745 _____ C:\Users\JP\Downloads\xp_exe_fix.zip
2013-08-05 19:37 - 2013-08-07 12:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 19:37 - 2013-08-05 19:37 - 00000000 ____D C:\Users\JP\AppData\Roaming\Malwarebytes
2013-08-05 19:37 - 2013-08-05 19:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 17:37 - 2013-08-05 21:19 - 00000000 ____D C:\Users\JP\AppData\Local\Flvto Youtube Downloader
2013-08-03 13:23 - 2013-08-07 08:54 - 00000000 ____D C:\Program Files\LockHunter
2013-08-03 13:23 - 2013-08-03 13:23 - 00000000 ____D C:\Users\JP\AppData\Roaming\LockHunter
2013-07-11 19:07 - 2013-07-11 19:07 - 02351064 _____ C:\Users\JP\Downloads\Churchill-Iii.TheAgeOfRevolution_.epub
2013-07-11 19:07 - 2013-07-11 19:07 - 01954055 _____ C:\Users\JP\Downloads\Churchill-I.Birth_of_britain.epub
2013-07-11 19:07 - 2013-07-11 19:07 - 01744492 _____ C:\Users\JP\Downloads\Churchill-Iv.The_great_democracies.epub
2013-07-11 19:07 - 2013-07-11 19:07 - 01406978 _____ C:\Users\JP\Downloads\Churchill-Ii.The_new_world.epub
2013-07-11 18:59 - 2013-07-11 18:59 - 04843323 _____ C:\Users\JP\Downloads\pg3090.mobi
2013-07-11 18:25 - 2013-07-11 18:25 - 00000000 ____D C:\Users\JP\Downloads\JK
2013-07-11 18:24 - 2013-07-11 18:24 - 00982512 _____ C:\Users\JP\Downloads\JK.zip
 
==================== One Month Modified Files and Folders =======
 
2013-08-08 11:50 - 2013-08-08 11:50 - 00000000 ____D C:\FRST
2013-08-08 11:49 - 2013-08-08 11:49 - 01790059 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2013-08-08 11:42 - 2009-07-14 14:13 - 00782154 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-08 11:39 - 2011-12-24 23:46 - 00279089 _____ C:\windows\system32\fastboot.set
2013-08-08 11:38 - 2013-02-13 18:10 - 00000000 _____ C:\windows\system32\Ikeext.etl
2013-08-08 11:30 - 2013-08-08 08:36 - 00000336 _____ C:\windows\setupact.log
2013-08-08 11:30 - 2009-07-14 14:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-08 11:28 - 2011-12-24 22:55 - 01183631 _____ C:\windows\WindowsUpdate.log
2013-08-08 09:17 - 2013-08-08 09:17 - 00201728 _____ (OldTimer Tools) C:\Users\JP\Downloads\OTC.exe
2013-08-08 09:07 - 2013-08-08 08:47 - 00002920 _____ C:\windows\PFRO.log
2013-08-08 08:48 - 2011-12-24 23:41 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-08 08:47 - 2012-06-15 01:20 - 00000000 ____D C:\Users\JP\AppData\Roaming\DMCache
2013-08-08 08:46 - 2013-08-06 20:56 - 00000000 ____D C:\windows\erdnt
2013-08-08 08:43 - 2011-12-24 23:41 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-08 08:36 - 2013-08-08 08:36 - 00000000 _____ C:\windows\setuperr.log
2013-08-08 08:36 - 2013-02-10 16:19 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-08 08:36 - 2009-07-14 12:20 - 00000000 ____D C:\windows\tracing
2013-08-07 22:57 - 2012-06-15 01:38 - 00000000 ____D C:\Users\JP\AppData\Roaming\vlc
2013-08-07 21:17 - 2012-06-15 01:20 - 00000000 ____D C:\Users\JP\Downloads\Video
2013-08-07 21:17 - 2012-06-15 01:20 - 00000000 ____D C:\Users\JP\AppData\Roaming\IDM
2013-08-07 17:30 - 2012-08-19 20:29 - 00000000 ____D C:\Users\JP\AppData\Roaming\Media Player Classic
2013-08-07 16:25 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-08-07 16:23 - 2013-08-06 17:08 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-07 16:23 - 2013-08-05 21:58 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-07 16:23 - 2013-06-09 10:08 - 00000000 ____D C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2013-08-07 16:23 - 2013-04-04 08:47 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2013-08-07 16:23 - 2013-03-25 22:10 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-07 16:23 - 2013-03-08 21:45 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-07 16:23 - 2013-02-11 00:53 - 00000000 ____D C:\Users\JP\AppData\Local\FlvtoConverter
2013-08-07 16:23 - 2012-12-06 21:24 - 00000000 ____D C:\Program Files (x86)\Hostless Modem
2013-08-07 16:23 - 2012-08-06 18:55 - 00000000 ____D C:\ProgramData\Energy Management
2013-08-07 16:23 - 2012-07-18 02:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 16:23 - 2012-07-04 02:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 16:23 - 2012-07-04 02:21 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 16:23 - 2012-07-04 02:21 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 16:23 - 2012-06-15 03:18 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2013-08-07 16:23 - 2012-06-15 01:20 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-08-07 16:23 - 2012-06-15 00:32 - 00000000 ____D C:\Users\JP\AppData\Local\BioExcess
2013-08-07 16:23 - 2011-12-24 23:35 - 00000000 ____D C:\ProgramData\Port Locker
2013-08-07 16:23 - 2011-12-24 23:34 - 00000000 ____D C:\Program Files (x86)\EgisTec Port Locker
2013-08-07 16:23 - 2011-12-24 23:30 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-08-07 16:23 - 2011-12-24 23:30 - 00000000 ____D C:\Program Files (x86)\EgisTec BioExcess
2013-08-07 16:23 - 2011-12-24 23:24 - 00000000 ____D C:\Program Files (x86)\USB Camera
2013-08-07 16:23 - 2011-12-24 23:13 - 00000000 ____D C:\Program Files\Elantech
2013-08-07 16:23 - 2011-12-24 23:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-07 16:23 - 2011-12-24 23:06 - 00000000 ____D C:\ProgramData\Intel
2013-08-07 16:23 - 2011-12-24 23:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-07 16:23 - 2009-07-14 12:20 - 00000000 ____D C:\windows\AppCompat
2013-08-07 16:22 - 2010-11-21 16:06 - 00000000 ____D C:\windows\SysWOW64\winrm
2013-08-07 16:22 - 2010-11-21 16:06 - 00000000 ____D C:\windows\SysWOW64\WCN
2013-08-07 16:22 - 2010-11-21 16:06 - 00000000 ____D C:\windows\SysWOW64\slmgr
2013-08-07 16:22 - 2009-07-14 14:32 - 00000000 ____D C:\windows\SysWOW64\WindowsPowerShell
2013-08-07 16:22 - 2009-07-14 12:20 - 00000000 ____D C:\windows\Web
2013-08-07 16:22 - 2009-07-14 12:20 - 00000000 ____D C:\windows\Vss
2013-08-07 16:22 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\spp
2013-08-07 16:22 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\Speech
2013-08-07 16:22 - 2009-07-14 12:20 - 00000000 ____D C:\windows\registration
2013-08-07 16:21 - 2012-06-15 01:58 - 00000000 ____D C:\windows\SysWOW64\Macromed
2013-08-07 16:21 - 2012-06-15 01:58 - 00000000 ____D C:\windows\SysWOW64\Adobe
2013-08-07 16:21 - 2010-11-21 16:06 - 00000000 ____D C:\windows\SysWOW64\Printing_Admin_Scripts
2013-08-07 16:21 - 2010-11-21 16:06 - 00000000 ____D C:\windows\system32\winrm
2013-08-07 16:21 - 2010-11-21 16:06 - 00000000 ____D C:\windows\system32\WCN
2013-08-07 16:21 - 2010-11-21 16:06 - 00000000 ____D C:\windows\system32\slmgr
2013-08-07 16:21 - 2010-11-21 16:06 - 00000000 ____D C:\windows\system32\Printing_Admin_Scripts
2013-08-07 16:21 - 2009-07-14 14:32 - 00000000 ____D C:\windows\system32\WindowsPowerShell
2013-08-07 16:21 - 2009-07-14 14:32 - 00000000 ____D C:\windows\system32\WinBioPlugIns
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\NetworkList
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\MUI
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\Msdtc
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\migwiz
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\InstallShield
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\IME
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\com
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\sysprep
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\spp
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\spool
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\Speech
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\SMI
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\oobe
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\NetworkList
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\MUI
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\Msdtc
2013-08-07 16:21 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\migwiz
2013-08-07 16:20 - 2013-02-10 16:19 - 00000000 ____D C:\windows\system32\Macromed
2013-08-07 16:20 - 2013-02-09 20:15 - 00000000 ____D C:\Users\JP\Downloads\Antichamber
2013-08-07 16:20 - 2012-10-13 11:41 - 00000000 ____D C:\Users\JP\AppData\Roaming\PunkBuster
2013-08-07 16:20 - 2012-08-23 19:12 - 00000000 ____D C:\Users\JP\Documents\iPhone backups
2013-08-07 16:20 - 2012-07-20 17:02 - 00000000 ____D C:\Users\JP\AppData\Roaming\Skype
2013-08-07 16:20 - 2012-07-18 02:16 - 00000000 ____D C:\Users\JP\AppData\Roaming\Mozilla
2013-08-07 16:20 - 2012-07-03 20:36 - 00000000 ____D C:\Users\JP\Documents\TRANSFER
2013-08-07 16:20 - 2012-06-22 18:35 - 00000000 ____D C:\Users\JP\AppData\Roaming\Ubisoft
2013-08-07 16:20 - 2012-06-18 17:12 - 00000000 ____D C:\Users\JP\Documents\My Games
2013-08-07 16:20 - 2012-06-15 05:08 - 00000000 ____D C:\Users\JP\AppData\Roaming\Red Alert 3
2013-08-07 16:20 - 2012-06-15 03:24 - 00000000 ____D C:\Users\JP\AppData\Roaming\Sun
2013-08-07 16:20 - 2012-06-15 00:31 - 00000000 ___RD C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-07 16:20 - 2012-06-15 00:31 - 00000000 ____D C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-08-07 16:20 - 2009-07-14 14:32 - 00000000 ____D C:\windows\Performance
2013-08-07 16:20 - 2009-07-14 13:45 - 00000000 ____D C:\windows\Setup
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 __RSD C:\windows\Media
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\IME
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\Dism
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\com
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\Speech
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\servicing
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\security
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\schemas
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\Resources
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\rescache
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\PLA
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\IME
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\Help
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\Globalization
2013-08-07 16:20 - 2009-07-14 12:20 - 00000000 ____D C:\windows\Branding
2013-08-07 16:19 - 2013-04-11 20:33 - 00000000 ____D C:\Users\JP\AppData\Local\OLYMPUS
2013-08-07 16:19 - 2013-03-08 21:45 - 00000000 ____D C:\ProgramData\DivX
2013-08-07 16:19 - 2013-02-11 00:52 - 00000000 ____D C:\Users\JP\AppData\Local\Flvto Converter
2013-08-07 16:19 - 2013-01-29 12:29 - 00000000 ____D C:\Users\JP\AppData\Local\Zachtronics Industries
2013-08-07 16:19 - 2012-12-19 01:02 - 00000000 ____D C:\sn0wbreeze
2013-08-07 16:19 - 2012-12-18 21:04 - 00000000 ____D C:\Users\JP\AppData\Local\Cranium_Consulting_and_Cu
2013-08-07 16:19 - 2012-10-08 00:46 - 00000000 ____D C:\Users\JP\AppData\Local\Macroplant_LLC
2013-08-07 16:19 - 2012-08-19 20:29 - 00000000 ____D C:\Program Files\MPC-HC
2013-08-07 16:19 - 2012-07-20 17:01 - 00000000 ____D C:\ProgramData\Skype
2013-08-07 16:19 - 2012-07-18 02:16 - 00000000 ____D C:\Users\JP\AppData\Local\Mozilla
2013-08-07 16:19 - 2012-07-04 02:22 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 16:19 - 2012-07-04 02:22 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-08-07 16:19 - 2012-07-04 02:21 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 16:19 - 2012-07-04 01:51 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-07 16:19 - 2012-06-15 02:06 - 00000000 ____D C:\ProgramData\IObit
2013-08-07 16:19 - 2012-06-15 00:42 - 00000000 ____D C:\Users\JP\AppData\Roaming\Adobe
2013-08-07 16:19 - 2012-06-15 00:41 - 00000000 ____D C:\Users\JP\AppData\Local\Google
2013-08-07 16:19 - 2012-06-15 00:41 - 00000000 ____D C:\Users\JP\AppData\Local\CyberLink
2013-08-07 16:19 - 2012-06-15 00:41 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-07 16:19 - 2011-12-24 23:44 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-07 16:19 - 2011-12-24 23:38 - 00000000 ____D C:\Program Files\Windows Live
2013-08-07 16:19 - 2011-12-24 23:31 - 00000000 ____D C:\ProgramData\McAfee
2013-08-07 16:19 - 2011-12-24 23:21 - 00000000 ____D C:\Program Files\Lenovo
2013-08-07 16:19 - 2011-12-24 23:12 - 00000000 ____D C:\Program Files\Realtek
2013-08-07 16:19 - 2011-12-24 23:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-07 16:19 - 2011-02-22 20:42 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-07 16:19 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-08-07 16:19 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-07 16:19 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-07 16:19 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-08-07 16:19 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files\MSBuild
2013-08-07 16:19 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-08-07 16:19 - 2009-07-14 12:20 - 00000000 __RHD C:\Users\Default
2013-08-07 16:19 - 2009-07-14 12:20 - 00000000 ____D C:\Program Files\Windows NT
2013-08-07 16:18 - 2013-05-30 18:17 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-08-07 16:18 - 2013-04-15 17:03 - 00000000 ____D C:\Program Files (x86)\Foldit
2013-08-07 16:18 - 2013-04-11 20:33 - 00000000 ____D C:\Program Files (x86)\OLYMPUS
2013-08-07 16:18 - 2013-03-31 02:38 - 00000000 ____D C:\Program Files\Adobe
2013-08-07 16:18 - 2013-03-08 21:46 - 00000000 ____D C:\Program Files\DivX
2013-08-07 16:18 - 2013-02-22 18:17 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-08-07 16:18 - 2013-01-29 12:28 - 00000000 ____D C:\Program Files (x86)\Zachtronics Industries
2013-08-07 16:18 - 2012-10-16 23:30 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
2013-08-07 16:18 - 2012-08-23 18:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-07 16:18 - 2012-07-20 17:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-07 16:18 - 2012-07-04 02:22 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 16:18 - 2012-07-04 02:22 - 00000000 ____D C:\Program Files\iPod
2013-08-07 16:18 - 2012-07-04 02:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 16:18 - 2012-07-04 02:21 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 16:18 - 2012-07-04 01:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-07 16:18 - 2012-07-04 01:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2013-08-07 16:18 - 2012-07-04 01:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-07 16:18 - 2012-07-04 01:50 - 00000000 ___RD C:\MSOCache
2013-08-07 16:18 - 2012-06-22 18:17 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-08-07 16:18 - 2012-06-21 07:01 - 00000000 ____D C:\Program Files\GetASFStream
2013-08-07 16:18 - 2012-06-18 17:12 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-08-07 16:18 - 2012-06-15 04:42 - 00000000 ____D C:\Program Files (x86)\Diablo II
2013-08-07 16:18 - 2012-06-15 04:32 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-08-07 16:18 - 2012-06-15 02:06 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-07 16:18 - 2012-06-15 01:43 - 00000000 ____D C:\Program Files (x86)\Clarus
2013-08-07 16:18 - 2012-06-15 01:37 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-07 16:18 - 2012-06-15 01:25 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-08-07 16:18 - 2011-12-24 23:45 - 00000000 ____D C:\Program Files\DIFX
2013-08-07 16:18 - 2011-12-24 23:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-07 16:18 - 2011-12-24 23:41 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-08-07 16:18 - 2011-12-24 23:39 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-07 16:18 - 2011-12-24 23:39 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-07 16:18 - 2011-12-24 23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-07 16:18 - 2011-12-24 23:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-07 16:18 - 2011-12-24 23:30 - 00000000 ____D C:\Program Files\EgisTec IPS
2013-08-07 16:18 - 2011-12-24 23:20 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-08-07 16:18 - 2011-12-24 23:09 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-08-07 16:18 - 2011-12-24 23:05 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-08-07 16:18 - 2011-12-24 23:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-07 16:18 - 2011-12-24 23:03 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-07 16:18 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-08-07 16:18 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-07 16:18 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-07 16:18 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-08-07 16:18 - 2009-07-14 14:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-07 16:18 - 2009-07-14 12:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-07 16:18 - 2009-07-14 12:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2013-08-07 16:18 - 2009-07-14 12:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-07 16:18 - 2009-07-14 12:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-08-07 14:46 - 2013-08-07 14:45 - 02347384 _____ (ESET) C:\Users\JP\Downloads\esetsmartinstaller_enu.exe
2013-08-07 13:45 - 2011-12-24 23:41 - 00002183 _____ C:\Users\Public\Desktop\Internet Browser.lnk
2013-08-07 12:56 - 2013-08-07 12:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\JP\Desktop\HijackThis.exe
2013-08-07 12:56 - 2013-08-07 12:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\JP\Downloads\HijackThis.exe
2013-08-07 12:55 - 2013-08-07 12:55 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:55 - 2013-08-05 19:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-07 12:53 - 2013-08-07 12:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\JP\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-07 12:49 - 2012-06-15 04:31 - 00000000 ____D C:\Users\JP\AppData\Roaming\DAEMON Tools Lite
2013-08-07 12:48 - 2012-08-06 01:47 - 00000000 ____D C:\windows\Minidump
2013-08-07 12:48 - 2011-02-22 20:19 - 00000000 ____D C:\windows\Panther
2013-08-07 12:44 - 2013-08-07 12:44 - 00002766 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-08-07 12:44 - 2013-08-07 12:44 - 00000000 ____D C:\Program Files\CCleaner
2013-08-07 12:44 - 2013-08-07 12:43 - 04429440 _____ (Piriform Ltd) C:\Users\JP\Downloads\ccsetup404.exe
2013-08-07 12:43 - 2013-08-07 12:42 - 00000000 ____D C:\Users\JP\AppData\Roaming\Foxit Software
2013-08-07 12:42 - 2013-08-07 12:42 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-08-07 12:41 - 2013-08-07 12:41 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-07 12:40 - 2013-08-07 12:41 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-08-07 12:40 - 2013-08-07 12:41 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-08-07 12:40 - 2013-08-07 12:41 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-08-07 12:40 - 2012-07-04 06:29 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-08-07 12:40 - 2012-07-04 06:29 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-08-07 12:40 - 2012-06-15 03:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-07 12:39 - 2013-08-07 12:39 - 29966088 _____ (Foxit Corporation                                           ) C:\Users\JP\Downloads\FoxitReader606.0722_enu_Setup.exe
2013-08-07 12:39 - 2013-08-07 12:39 - 00903080 _____ (Oracle Corporation) C:\Users\JP\Downloads\chromeinstall-7u25.exe
2013-08-07 12:30 - 2013-02-26 22:59 - 00000000 ____D C:\ProgramData\eMule
2013-08-07 12:29 - 2012-07-04 01:30 - 00000000 ____D C:\ProgramData\Adobe
2013-08-07 12:28 - 2012-06-15 17:10 - 00000000 ____D C:\Users\JP\AppData\Roaming\uTorrent
2013-08-07 12:21 - 2013-08-07 12:21 - 00001268 _____ C:\Users\JP\Desktop\Revo Uninstaller.lnk
2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-07 12:18 - 2013-08-07 12:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JP\Downloads\revosetup.exe
2013-08-07 11:39 - 2009-07-14 11:34 - 00000215 _____ C:\windows\system.ini
2013-08-07 11:28 - 2013-04-16 20:09 - 00000000 ___RD C:\Users\JP\SkyDrive
2013-08-07 10:40 - 2009-07-14 13:45 - 00021296 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 10:40 - 2009-07-14 13:45 - 00021296 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 10:28 - 2009-07-14 11:34 - 64225280 _____ C:\windows\system32\config\software.bak
2013-08-07 10:28 - 2009-07-14 11:34 - 26738688 _____ C:\windows\system32\config\system.bak
2013-08-07 10:28 - 2009-07-14 11:34 - 00524288 _____ C:\windows\system32\config\default.bak
2013-08-07 10:28 - 2009-07-14 11:34 - 00262144 _____ C:\windows\system32\config\security.bak
2013-08-07 10:28 - 2009-07-14 11:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2013-08-07 08:54 - 2013-08-07 08:54 - 00000000 ____D C:\ProgramData\LockHunter
2013-08-07 08:54 - 2013-08-07 08:53 - 01563024 _____ (Crystal Rich, Ltd                                           ) C:\Users\JP\Downloads\lockhuntersetup64_2-0-beta2.exe
2013-08-07 08:54 - 2013-08-03 13:23 - 00000000 ____D C:\Program Files\LockHunter
2013-08-07 08:47 - 2013-08-07 08:47 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Downloads\JRT (1).exe
2013-08-07 08:42 - 2013-06-09 10:08 - 00001904 _____ C:\Users\JP\Desktop\Dashlane.lnk
2013-08-07 08:42 - 2013-06-09 10:02 - 00000000 ____D C:\Users\JP\AppData\Roaming\Dashlane
2013-08-07 08:40 - 2013-08-07 08:40 - 00000000 ____D C:\windows\ERUNT
2013-08-07 08:39 - 2013-08-07 08:40 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Desktop\JRT.exe
2013-08-07 08:39 - 2013-08-07 08:39 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Downloads\JRT.exe
2013-08-07 08:36 - 2013-08-07 08:35 - 00003315 _____ C:\AdwCleaner[S1].txt
2013-08-07 08:34 - 2013-08-07 08:35 - 00666633 _____ C:\Users\JP\Desktop\AdwCleaner.exe
2013-08-07 08:34 - 2013-08-07 08:34 - 00666633 _____ C:\Users\JP\Downloads\AdwCleaner.exe
2013-08-07 01:51 - 2013-08-05 21:54 - 00000000 ____D C:\ProgramData\MFAData
2013-08-06 23:31 - 2012-06-15 00:30 - 00000000 ____D C:\Users\JP
2013-08-06 19:09 - 2013-08-06 17:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 14:26 - 2013-08-06 12:38 - 00000000 ____D C:\Users\JP\AppData\Local\NPE
2013-08-06 12:38 - 2013-08-06 12:38 - 00000000 ____D C:\ProgramData\Norton
2013-08-06 11:19 - 2013-08-06 11:19 - 00000000 ____D C:\Program Files\Bitdefender
2013-08-06 11:19 - 2013-08-06 11:18 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-06 11:18 - 2013-08-06 11:17 - 00000000 ____D C:\Users\JP\AppData\Roaming\QuickScan
2013-08-06 07:31 - 2013-08-05 21:54 - 00000000 ____D C:\Users\JP\AppData\Local\Avg2013
2013-08-05 22:00 - 2013-08-05 22:00 - 00000000 ____D C:\Users\JP\AppData\Roaming\TuneUp Software
2013-08-05 22:00 - 2013-08-05 22:00 - 00000000 ____D C:\Users\JP\AppData\Roaming\AVG2013
2013-08-05 21:54 - 2013-08-05 21:54 - 00000000 ____D C:\Users\JP\AppData\Local\MFAData
2013-08-05 21:35 - 2013-08-05 21:35 - 00000745 _____ C:\Users\JP\Downloads\xp_exe_fix.zip
2013-08-05 21:19 - 2013-08-03 17:37 - 00000000 ____D C:\Users\JP\AppData\Local\Flvto Youtube Downloader
2013-08-05 19:37 - 2013-08-05 19:37 - 00000000 ____D C:\Users\JP\AppData\Roaming\Malwarebytes
2013-08-05 19:37 - 2013-08-05 19:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 13:23 - 2013-08-03 13:23 - 00000000 ____D C:\Users\JP\AppData\Roaming\LockHunter
2013-07-20 09:13 - 2009-07-14 14:38 - 00067584 ____S C:\windows\bootstat(550).dat
2013-07-16 11:38 - 2011-12-24 23:41 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 11:38 - 2011-12-24 23:41 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 19:38 - 2013-02-22 18:18 - 00000000 ____D C:\Users\JP\Documents\Calibre Library
2013-07-11 19:07 - 2013-07-11 19:07 - 02351064 _____ C:\Users\JP\Downloads\Churchill-Iii.TheAgeOfRevolution_.epub
2013-07-11 19:07 - 2013-07-11 19:07 - 01954055 _____ C:\Users\JP\Downloads\Churchill-I.Birth_of_britain.epub
2013-07-11 19:07 - 2013-07-11 19:07 - 01744492 _____ C:\Users\JP\Downloads\Churchill-Iv.The_great_democracies.epub
2013-07-11 19:07 - 2013-07-11 19:07 - 01406978 _____ C:\Users\JP\Downloads\Churchill-Ii.The_new_world.epub
2013-07-11 18:59 - 2013-07-11 18:59 - 04843323 _____ C:\Users\JP\Downloads\pg3090.mobi
2013-07-11 18:25 - 2013-07-11 18:25 - 00000000 ____D C:\Users\JP\Downloads\JK
2013-07-11 18:24 - 2013-07-11 18:24 - 00982512 _____ C:\Users\JP\Downloads\JK.zip
 
Files to move or delete:
====================
C:\ProgramData\QuickTimeInstaller.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-02 19:58
 
==================== End Of Log ============================

 

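The FRST log above lists autoruns, services and recently created files in a fixed text shape: a command or path, then `[size date]`, then the publisher FRST reads from the file's version resource in parentheses (an empty `()` means the file carries no CompanyName at all). As an added example, not code from the thread, from Farbar or from BleepingComputer, here is a small Python parser for those three line shapes with two triage rules of the editor's own: flag executables with no publisher string, and flag executables sitting under user-writable paths. The executable suffix list, the user-writable prefix list and the sample lines (copied from the posted log) are assumptions of this example, not anything FRST defines.

```python
r"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example; this is not code from the thread, from Farbar, or from
BleepingComputer.  It parses three line shapes seen in the posted FRST.txt:

  autorun   HKLM-x32\...\Run: [name] - <command> [<size> <date>] (<publisher>)
  service   S2 <name>; <command> [<size> <date>] (<publisher>)
  created   <created> - <modified> - <size> <attrs> (<publisher>) <path>

The triage rules are the editor's own heuristics, not FRST's.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed lists for the heuristics below.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")

# Shared tail "<command> [<size> <date>] (<publisher>)".  The publisher is
# matched greedily so names containing parentheses survive intact.
_TAIL = (r"(?P<command>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
         r"\((?P<company>.*)\)\s*$")
AUTORUN_RE = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] - " + _TAIL)
SERVICE_RE = re.compile(r"^(?P<state>[SR]\d) (?P<name>[^;]+); " + _TAIL)
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.+?)\s*$"
)
# First token ending in an executable suffix; drops "/install /silent" arguments.
_EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|sys|scr|com))(?=\s|$)", re.IGNORECASE)


@dataclass
class Entry:
    kind: str      # "autorun", "service" or "created"
    path: str      # file or directory path, arguments removed
    company: str   # publisher string FRST printed, "" when absent
    source: str    # the original log line


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]


def _strip_arguments(command: str) -> str:
    m = _EXE_RE.match(command)
    return m.group(1) if m else command.strip()


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised FRST line, None for anything else
    (section headers, "NA [x]" placeholders, services with no binary)."""
    line = line.rstrip("\r\n")
    for kind, regex in (("autorun", AUTORUN_RE), ("service", SERVICE_RE)):
        m = regex.match(line)
        if m:
            return Entry(kind, _strip_arguments(m["command"]), m["company"].strip(), line)
    m = CREATED_RE.match(line)
    if m:
        return Entry("created", m["path"].strip(), (m["company"] or "").strip(), line)
    return None


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXECUTABLE_SUFFIXES)


def in_user_writable_location(path: str) -> bool:
    p = path.lower()
    return p.startswith(USER_WRITABLE_PREFIXES) or "\\temp\\" in p


def review(entry: Entry) -> List[str]:
    """Editor's triage rules; an empty list means nothing stood out."""
    reasons = []
    if not is_executable(entry.path):
        return reasons            # directories and data files are not scored
    if not entry.company:
        reasons.append("no publisher string")
    if in_user_writable_location(entry.path):
        reasons.append("executable in user-writable location")
    return reasons


def triage(lines) -> List[Finding]:
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


# Sample input: lines copied from the FRST.txt posted in this thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)",
    r"HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-12-24] (Lenovo (Beijing) Limited)",
    r"HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-03] (Malwarebytes Corporation)",
    r"HKLM-x32\...\Run: [CheckNDISPort_df] - C:\Program Files (x86)\Hostless Modem\CheckNDISPort_df.exe [440648 2012-07-09] ()",
    r"HKU\UpdatusUser\...\Run: [Power2GoExpress] - NA [x]",
    r"S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-12] ()",
    r"S3 BcmSqlStartupSvc; ",
    r"2013-08-07 14:46 - 2013-08-07 14:45 - 02347384 _____ (ESET) C:\Users\JP\Downloads\esetsmartinstaller_enu.exe",
    r"2013-08-07 16:20 - 2012-07-20 17:02 - 00000000 ____D C:\Users\JP\AppData\Roaming\Skype",
    r"2013-08-07 12:53 - 2013-08-07 12:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\JP\Downloads\mbam-setup-1.75.0.1300.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.entry.kind:8} {f.entry.path}  <- {', '.join(f.reasons)}")
```

Run against the sample lines it reports four entries: the two autorun/service binaries with an empty `()` and the two installers sitting in `Downloads`. That is a reading order, not a verdict: a missing publisher string is a weak signal (PnkBstrA.exe is the PunkBuster anti-cheat service, and the Downloads entries are the cleanup tools the poster fetched that day), which is why the helpers in this thread still confirm core binaries by hash, as the "MD5 is legit" lines in the Bamital & volsnap check show.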
#18 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 August 2013 - 10:08 PM

Hello Cetadon



I need you to download this script I have made for you --> Attached File: fixlist.txt (29 bytes)

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo

#19 Cetadon (Topic Starter)

Posted 07 August 2013 - 10:17 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2013
Ran by JP at 2013-08-08 12:16:27 Run:1
Running from C:\Users\JP\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================
 
Error: The restore operation should be done in the recovery mode.
 
==== End of Fixlog ====


#20 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 August 2013 - 10:46 PM


Hello Cetadon

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
I want you to post the FRST.txt report into your reply to me

Gringo

#21 Cetadon (Topic Starter)

Posted 07 August 2013 - 11:08 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013
Ran by SYSTEM on 08-08-2013 13:01:09
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-12-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-12-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-12-24] (Lenovo)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CheckNDISPort_df] - C:\Program Files (x86)\Hostless Modem\CheckNDISPort_df.exe [440648 2012-07-09] ()
HKU\JP\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\JP\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3541008 2012-12-14] (Tonec Inc.)
HKU\JP\...\Run: [GoogleChromeAutoLaunch_D485D20C06BDCDEB626207281C5C94F7] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-24] (Google Inc.)
HKU\UpdatusUser\...\Run: [Power2GoExpress] - NA [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [192616 2011-03-04] (NVIDIA Corporation)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
ShortcutTarget: Samsung Auto Backup Guage.lnk -> C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
ShortcutTarget: Samsung Auto Backup Real-Time Daemon.lnk -> C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
ShortcutTarget: Samsung Auto Backup Scheduler.lnk -> C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} -  No File
 
==================== Services (Whitelisted) =================
 
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-03] (Malwarebytes Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-12] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-08] (EldoS Corporation)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-06-14] (DT Soft Ltd)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
S3 BcmSqlStartupSvc; 
S2 CLKMSVC10_3A60B698; 
S2 CLKMSVC10_C3B3B687; 
S2 DriverService; 
S2 IAStorDataMgrSvc; 
S2 iATAgentService; 
S2 idealife Update Service; 
S3 IGRS; 
S2 IviRegMgr; 
S2 Oasis2Service; 
S2 PCCarerService; 
S2 ReadyComm.DirectRouter; 
S2 RichVideo; 
S2 RtLedService; 
S2 SeaPort; 
S2 SoftwareService; 
S3 SQLWriter; 
S2 Stereo Service; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-07 19:23 - 2013-08-07 19:23 - 00000029 _____ C:\Users\JP\Downloads\fixlist.txt
2013-08-07 19:23 - 2013-08-07 18:49 - 01790059 _____ (Farbar) C:\Users\JP\Desktop\FRST64.exe
2013-08-07 18:51 - 2013-08-07 18:51 - 00049788 _____ C:\Users\JP\Downloads\FRST.txt
2013-08-07 18:51 - 2013-08-07 18:51 - 00021701 _____ C:\Users\JP\Downloads\Addition.txt
2013-08-07 18:50 - 2013-08-07 18:50 - 00000000 ____D C:\FRST
2013-08-07 18:49 - 2013-08-07 18:49 - 01790059 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2013-08-07 16:17 - 2013-08-07 16:17 - 00201728 _____ (OldTimer Tools) C:\Users\JP\Downloads\OTC.exe
2013-08-07 15:47 - 2013-08-07 16:07 - 00002920 _____ C:\Windows\PFRO.log
2013-08-07 15:36 - 2013-08-07 18:30 - 00000336 _____ C:\Windows\setupact.log
2013-08-07 15:36 - 2013-08-07 15:36 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 21:45 - 2013-08-06 21:46 - 02347384 _____ (ESET) C:\Users\JP\Downloads\esetsmartinstaller_enu.exe
2013-08-06 19:57 - 2013-08-06 19:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\JP\Desktop\HijackThis.exe
2013-08-06 19:56 - 2013-08-06 19:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\JP\Downloads\HijackThis.exe
2013-08-06 19:55 - 2013-08-06 19:55 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-06 19:55 - 2013-04-03 21:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-08-06 19:53 - 2013-08-06 19:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\JP\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-06 19:44 - 2013-08-06 19:44 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-06 19:44 - 2013-08-06 19:44 - 00000000 ____D C:\Program Files\CCleaner
2013-08-06 19:43 - 2013-08-06 19:44 - 04429440 _____ (Piriform Ltd) C:\Users\JP\Downloads\ccsetup404.exe
2013-08-06 19:42 - 2013-08-06 19:43 - 00000000 ____D C:\Users\JP\AppData\Roaming\Foxit Software
2013-08-06 19:42 - 2013-08-06 19:42 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-08-06 19:42 - 2013-06-09 04:59 - 00216064 _____ C:\Windows\SysWOW64\gcapi_dll.dll
2013-08-06 19:41 - 2013-08-06 19:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-06 19:41 - 2013-08-06 19:40 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-06 19:41 - 2013-08-06 19:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-06 19:41 - 2013-08-06 19:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-06 19:39 - 2013-08-06 19:39 - 29966088 _____ (Foxit Corporation                                           ) C:\Users\JP\Downloads\FoxitReader606.0722_enu_Setup.exe
2013-08-06 19:39 - 2013-08-06 19:39 - 00903080 _____ (Oracle Corporation) C:\Users\JP\Downloads\chromeinstall-7u25.exe
2013-08-06 19:21 - 2013-08-06 19:21 - 00001268 _____ C:\Users\JP\Desktop\Revo Uninstaller.lnk
2013-08-06 19:21 - 2013-08-06 19:21 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-06 19:18 - 2013-08-06 19:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JP\Downloads\revosetup.exe
2013-08-06 15:54 - 2013-08-06 15:54 - 00000000 ____D C:\ProgramData\LockHunter
2013-08-06 15:53 - 2013-08-06 15:54 - 01563024 _____ (Crystal Rich, Ltd                                           ) C:\Users\JP\Downloads\lockhuntersetup64_2-0-beta2.exe
2013-08-06 15:47 - 2013-08-06 15:47 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Downloads\JRT (1).exe
2013-08-06 15:40 - 2013-08-06 15:40 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 15:40 - 2013-08-06 15:39 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Desktop\JRT.exe
2013-08-06 15:39 - 2013-08-06 15:39 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Downloads\JRT.exe
2013-08-06 15:35 - 2013-08-06 15:36 - 00003315 _____ C:\AdwCleaner[S1].txt
2013-08-06 15:35 - 2013-08-06 15:34 - 00666633 _____ C:\Users\JP\Desktop\AdwCleaner.exe
2013-08-06 15:34 - 2013-08-06 15:34 - 00666633 _____ C:\Users\JP\Downloads\AdwCleaner.exe
2013-08-06 03:56 - 2013-08-07 15:46 - 00000000 ____D C:\Windows\erdnt
2013-08-06 00:08 - 2013-08-06 23:23 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:08 - 2013-08-06 02:09 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-05 19:38 - 2013-08-05 21:26 - 00000000 ____D C:\Users\JP\AppData\Local\NPE
2013-08-05 19:38 - 2013-08-05 19:38 - 00000000 ____D C:\ProgramData\Norton
2013-08-05 18:19 - 2013-08-05 18:19 - 00000000 ____D C:\Program Files\Bitdefender
2013-08-05 18:18 - 2013-08-05 18:19 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-05 18:17 - 2013-08-05 18:18 - 00000000 ____D C:\Users\JP\AppData\Roaming\QuickScan
2013-08-05 05:00 - 2013-08-05 05:00 - 00000000 ____D C:\Users\JP\AppData\Roaming\TuneUp Software
2013-08-05 05:00 - 2013-08-05 05:00 - 00000000 ____D C:\Users\JP\AppData\Roaming\AVG2013
2013-08-05 04:58 - 2013-08-06 23:23 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-05 04:54 - 2013-08-06 08:51 - 00000000 ____D C:\ProgramData\MFAData
2013-08-05 04:54 - 2013-08-05 14:31 - 00000000 ____D C:\Users\JP\AppData\Local\Avg2013
2013-08-05 04:54 - 2013-08-05 04:54 - 00000000 ____D C:\Users\JP\AppData\Local\MFAData
2013-08-05 04:35 - 2013-08-05 04:35 - 00000745 _____ C:\Users\JP\Downloads\xp_exe_fix.zip
2013-08-05 02:37 - 2013-08-06 19:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 02:37 - 2013-08-05 02:37 - 00000000 ____D C:\Users\JP\AppData\Roaming\Malwarebytes
2013-08-05 02:37 - 2013-08-05 02:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 00:37 - 2013-08-05 04:19 - 00000000 ____D C:\Users\JP\AppData\Local\Flvto Youtube Downloader
2013-08-02 20:23 - 2013-08-06 15:54 - 00000000 ____D C:\Program Files\LockHunter
2013-08-02 20:23 - 2013-08-02 20:23 - 00000000 ____D C:\Users\JP\AppData\Roaming\LockHunter
2013-07-11 02:07 - 2013-07-11 02:07 - 02351064 _____ C:\Users\JP\Downloads\Churchill-Iii.TheAgeOfRevolution_.epub
2013-07-11 02:07 - 2013-07-11 02:07 - 01954055 _____ C:\Users\JP\Downloads\Churchill-I.Birth_of_britain.epub
2013-07-11 02:07 - 2013-07-11 02:07 - 01744492 _____ C:\Users\JP\Downloads\Churchill-Iv.The_great_democracies.epub
2013-07-11 02:07 - 2013-07-11 02:07 - 01406978 _____ C:\Users\JP\Downloads\Churchill-Ii.The_new_world.epub
2013-07-11 01:59 - 2013-07-11 01:59 - 04843323 _____ C:\Users\JP\Downloads\pg3090.mobi
2013-07-11 01:25 - 2013-07-11 01:25 - 00000000 ____D C:\Users\JP\Downloads\JK
2013-07-11 01:24 - 2013-07-11 01:24 - 00982512 _____ C:\Users\JP\Downloads\JK.zip
 
==================== One Month Modified Files and Folders =======
 
2013-08-07 19:55 - 2013-08-07 19:54 - 01790059 _____ (Farbar) C:\Users\JP\Downloads\FRST64 (1).exe
2013-08-07 19:55 - 2013-02-13 01:10 - 00327680 _____ C:\Windows\System32\Ikeext.etl
2013-08-07 19:54 - 2009-07-13 21:13 - 00782154 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-07 19:23 - 2013-08-07 19:23 - 00000029 _____ C:\Users\JP\Downloads\fixlist.txt
2013-08-07 18:51 - 2013-08-07 18:51 - 00049788 _____ C:\Users\JP\Downloads\FRST.txt
2013-08-07 18:51 - 2013-08-07 18:51 - 00021701 _____ C:\Users\JP\Downloads\Addition.txt
2013-08-07 18:50 - 2013-08-07 18:50 - 00000000 ____D C:\FRST
2013-08-07 18:49 - 2013-08-07 19:23 - 01790059 _____ (Farbar) C:\Users\JP\Desktop\FRST64.exe
2013-08-07 18:49 - 2013-08-07 18:49 - 01790059 _____ (Farbar) C:\Users\JP\Downloads\FRST64.exe
2013-08-07 18:39 - 2011-12-24 06:46 - 00279089 _____ C:\Windows\System32\fastboot.set
2013-08-07 18:30 - 2013-08-07 15:36 - 00000336 _____ C:\Windows\setupact.log
2013-08-07 18:30 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-07 18:28 - 2011-12-24 05:55 - 01183631 _____ C:\Windows\WindowsUpdate.log
2013-08-07 16:17 - 2013-08-07 16:17 - 00201728 _____ (OldTimer Tools) C:\Users\JP\Downloads\OTC.exe
2013-08-07 16:07 - 2013-08-07 15:47 - 00002920 _____ C:\Windows\PFRO.log
2013-08-07 15:48 - 2011-12-24 06:41 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-07 15:47 - 2012-06-14 08:20 - 00000000 ____D C:\Users\JP\AppData\Roaming\DMCache
2013-08-07 15:46 - 2013-08-06 03:56 - 00000000 ____D C:\Windows\erdnt
2013-08-07 15:43 - 2011-12-24 06:41 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-07 15:36 - 2013-08-07 15:36 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 15:36 - 2013-02-09 23:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-07 15:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-08-07 05:57 - 2012-06-14 08:38 - 00000000 ____D C:\Users\JP\AppData\Roaming\vlc
2013-08-07 04:17 - 2012-06-14 08:20 - 00000000 ____D C:\Users\JP\Downloads\Video
2013-08-07 04:17 - 2012-06-14 08:20 - 00000000 ____D C:\Users\JP\AppData\Roaming\IDM
2013-08-07 00:30 - 2012-08-19 03:29 - 00000000 ____D C:\Users\JP\AppData\Roaming\Media Player Classic
2013-08-06 23:25 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-08-06 23:23 - 2013-08-06 00:08 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 23:23 - 2013-08-05 04:58 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-06 23:23 - 2013-04-03 15:47 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2013-08-06 23:23 - 2013-03-25 05:10 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-06 23:23 - 2013-03-08 04:45 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-06 23:23 - 2013-02-10 07:53 - 00000000 ____D C:\Users\JP\AppData\Local\FlvtoConverter
2013-08-06 23:23 - 2012-12-06 04:24 - 00000000 ____D C:\Program Files (x86)\Hostless Modem
2013-08-06 23:23 - 2012-08-06 01:55 - 00000000 ____D C:\ProgramData\Energy Management
2013-08-06 23:23 - 2012-07-17 09:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-06 23:23 - 2012-07-03 09:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-06 23:23 - 2012-07-03 09:21 - 00000000 ____D C:\Program Files\Bonjour
2013-08-06 23:23 - 2012-07-03 09:21 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-06 23:23 - 2012-06-14 10:18 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2013-08-06 23:23 - 2012-06-14 08:20 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-08-06 23:23 - 2012-06-14 07:32 - 00000000 ____D C:\Users\JP\AppData\Local\BioExcess
2013-08-06 23:23 - 2011-12-24 06:35 - 00000000 ____D C:\ProgramData\Port Locker
2013-08-06 23:23 - 2011-12-24 06:34 - 00000000 ____D C:\Program Files (x86)\EgisTec Port Locker
2013-08-06 23:23 - 2011-12-24 06:30 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-08-06 23:23 - 2011-12-24 06:30 - 00000000 ____D C:\Program Files (x86)\EgisTec BioExcess
2013-08-06 23:23 - 2011-12-24 06:24 - 00000000 ____D C:\Program Files (x86)\USB Camera
2013-08-06 23:23 - 2011-12-24 06:13 - 00000000 ____D C:\Program Files\Elantech
2013-08-06 23:23 - 2011-12-24 06:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-06 23:23 - 2011-12-24 06:06 - 00000000 ____D C:\ProgramData\Intel
2013-08-06 23:23 - 2011-12-24 06:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-06 23:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-06 23:22 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-08-06 23:22 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-08-06 23:22 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-08-06 23:22 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2013-08-06 23:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Web
2013-08-06 23:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Vss
2013-08-06 23:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2013-08-06 23:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2013-08-06 23:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-08-06 23:21 - 2012-06-14 08:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-08-06 23:21 - 2012-06-14 08:58 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-08-06 23:21 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-08-06 23:21 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\System32\winrm
2013-08-06 23:21 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\System32\WCN
2013-08-06 23:21 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\System32\slmgr
2013-08-06 23:21 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-08-06 23:21 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-08-06 23:21 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Speech
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\SMI
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NetworkList
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-08-06 23:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-08-06 23:20 - 2013-02-09 23:19 - 00000000 ____D C:\Windows\System32\Macromed
2013-08-06 23:20 - 2013-02-09 03:15 - 00000000 ____D C:\Users\JP\Downloads\Antichamber
2013-08-06 23:20 - 2012-10-12 18:41 - 00000000 ____D C:\Users\JP\AppData\Roaming\PunkBuster
2013-08-06 23:20 - 2012-08-23 02:12 - 00000000 ____D C:\Users\JP\Documents\iPhone backups
2013-08-06 23:20 - 2012-07-20 00:02 - 00000000 ____D C:\Users\JP\AppData\Roaming\Skype
2013-08-06 23:20 - 2012-07-17 09:16 - 00000000 ____D C:\Users\JP\AppData\Roaming\Mozilla
2013-08-06 23:20 - 2012-07-03 03:36 - 00000000 ____D C:\Users\JP\Documents\TRANSFER
2013-08-06 23:20 - 2012-06-22 01:35 - 00000000 ____D C:\Users\JP\AppData\Roaming\Ubisoft
2013-08-06 23:20 - 2012-06-18 00:12 - 00000000 ____D C:\Users\JP\Documents\My Games
2013-08-06 23:20 - 2012-06-14 12:08 - 00000000 ____D C:\Users\JP\AppData\Roaming\Red Alert 3
2013-08-06 23:20 - 2012-06-14 10:24 - 00000000 ____D C:\Users\JP\AppData\Roaming\Sun
2013-08-06 23:20 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance
2013-08-06 23:20 - 2009-07-13 20:45 - 00000000 ____D C:\Windows\Setup
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\IME
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Speech
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PLA
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Globalization
2013-08-06 23:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2013-08-06 23:19 - 2013-04-11 03:33 - 00000000 ____D C:\Users\JP\AppData\Local\OLYMPUS
2013-08-06 23:19 - 2013-03-08 04:45 - 00000000 ____D C:\ProgramData\DivX
2013-08-06 23:19 - 2013-02-10 07:52 - 00000000 ____D C:\Users\JP\AppData\Local\Flvto Converter
2013-08-06 23:19 - 2013-01-28 19:29 - 00000000 ____D C:\Users\JP\AppData\Local\Zachtronics Industries
2013-08-06 23:19 - 2012-12-18 08:02 - 00000000 ____D C:\sn0wbreeze
2013-08-06 23:19 - 2012-12-18 04:04 - 00000000 ____D C:\Users\JP\AppData\Local\Cranium_Consulting_and_Cu
2013-08-06 23:19 - 2012-10-07 07:46 - 00000000 ____D C:\Users\JP\AppData\Local\Macroplant_LLC
2013-08-06 23:19 - 2012-08-19 03:29 - 00000000 ____D C:\Program Files\MPC-HC
2013-08-06 23:19 - 2012-07-20 00:01 - 00000000 ____D C:\ProgramData\Skype
2013-08-06 23:19 - 2012-07-17 09:16 - 00000000 ____D C:\Users\JP\AppData\Local\Mozilla
2013-08-06 23:19 - 2012-07-03 09:22 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-06 23:19 - 2012-07-03 09:22 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-08-06 23:19 - 2012-07-03 09:21 - 00000000 ____D C:\ProgramData\Apple
2013-08-06 23:19 - 2012-07-03 08:51 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-06 23:19 - 2012-06-14 09:06 - 00000000 ____D C:\ProgramData\IObit
2013-08-06 23:19 - 2012-06-14 07:42 - 00000000 ____D C:\Users\JP\AppData\Roaming\Adobe
2013-08-06 23:19 - 2012-06-14 07:41 - 00000000 ____D C:\Users\JP\AppData\Local\Google
2013-08-06 23:19 - 2012-06-14 07:41 - 00000000 ____D C:\Users\JP\AppData\Local\CyberLink
2013-08-06 23:19 - 2012-06-14 07:41 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-06 23:19 - 2011-12-24 06:44 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-06 23:19 - 2011-12-24 06:38 - 00000000 ____D C:\Program Files\Windows Live
2013-08-06 23:19 - 2011-12-24 06:31 - 00000000 ____D C:\ProgramData\McAfee
2013-08-06 23:19 - 2011-12-24 06:21 - 00000000 ____D C:\Program Files\Lenovo
2013-08-06 23:19 - 2011-12-24 06:12 - 00000000 ____D C:\Program Files\Realtek
2013-08-06 23:19 - 2011-12-24 06:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-06 23:19 - 2011-02-22 03:42 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-06 23:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-08-06 23:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-06 23:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-06 23:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-08-06 23:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\MSBuild
2013-08-06 23:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-08-06 23:19 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-08-06 23:19 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Windows NT
2013-08-06 23:18 - 2013-05-30 01:17 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-08-06 23:18 - 2013-04-15 00:03 - 00000000 ____D C:\Program Files (x86)\Foldit
2013-08-06 23:18 - 2013-04-11 03:33 - 00000000 ____D C:\Program Files (x86)\OLYMPUS
2013-08-06 23:18 - 2013-03-30 09:38 - 00000000 ____D C:\Program Files\Adobe
2013-08-06 23:18 - 2013-03-08 04:46 - 00000000 ____D C:\Program Files\DivX
2013-08-06 23:18 - 2013-02-22 01:17 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-08-06 23:18 - 2013-01-28 19:28 - 00000000 ____D C:\Program Files (x86)\Zachtronics Industries
2013-08-06 23:18 - 2012-10-16 06:30 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
2013-08-06 23:18 - 2012-08-23 01:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-06 23:18 - 2012-07-20 00:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-06 23:18 - 2012-07-03 09:22 - 00000000 ____D C:\Program Files\iTunes
2013-08-06 23:18 - 2012-07-03 09:22 - 00000000 ____D C:\Program Files\iPod
2013-08-06 23:18 - 2012-07-03 09:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-06 23:18 - 2012-07-03 09:21 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-06 23:18 - 2012-07-03 08:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-06 23:18 - 2012-07-03 08:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2013-08-06 23:18 - 2012-07-03 08:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-06 23:18 - 2012-07-03 08:50 - 00000000 ___RD C:\MSOCache
2013-08-06 23:18 - 2012-06-22 01:17 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-08-06 23:18 - 2012-06-20 14:01 - 00000000 ____D C:\Program Files\GetASFStream
2013-08-06 23:18 - 2012-06-18 00:12 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-08-06 23:18 - 2012-06-14 11:42 - 00000000 ____D C:\Program Files (x86)\Diablo II
2013-08-06 23:18 - 2012-06-14 11:32 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-08-06 23:18 - 2012-06-14 09:06 - 00000000 ____D C:\Program Files (x86)\IObit
2013-08-06 23:18 - 2012-06-14 08:43 - 00000000 ____D C:\Program Files (x86)\Clarus
2013-08-06 23:18 - 2012-06-14 08:37 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-06 23:18 - 2012-06-14 08:25 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-08-06 23:18 - 2011-12-24 06:45 - 00000000 ____D C:\Program Files\DIFX
2013-08-06 23:18 - 2011-12-24 06:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-06 23:18 - 2011-12-24 06:41 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-08-06 23:18 - 2011-12-24 06:39 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-06 23:18 - 2011-12-24 06:39 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-06 23:18 - 2011-12-24 06:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 23:18 - 2011-12-24 06:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-06 23:18 - 2011-12-24 06:30 - 00000000 ____D C:\Program Files\EgisTec IPS
2013-08-06 23:18 - 2011-12-24 06:20 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-08-06 23:18 - 2011-12-24 06:09 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-08-06 23:18 - 2011-12-24 06:05 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-08-06 23:18 - 2011-12-24 06:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-06 23:18 - 2011-12-24 06:03 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-06 23:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-08-06 23:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-06 23:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-06 23:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-08-06 23:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-06 23:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-06 23:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2013-08-06 23:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-06 23:18 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-08-06 21:46 - 2013-08-06 21:45 - 02347384 _____ (ESET) C:\Users\JP\Downloads\esetsmartinstaller_enu.exe
2013-08-06 20:45 - 2011-12-24 06:41 - 00002183 _____ C:\Users\Public\Desktop\Internet Browser.lnk
2013-08-06 19:56 - 2013-08-06 19:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\JP\Desktop\HijackThis.exe
2013-08-06 19:56 - 2013-08-06 19:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\JP\Downloads\HijackThis.exe
2013-08-06 19:55 - 2013-08-06 19:55 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-06 19:55 - 2013-08-05 02:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-06 19:53 - 2013-08-06 19:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\JP\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-06 19:49 - 2012-06-14 11:31 - 00000000 ____D C:\Users\JP\AppData\Roaming\DAEMON Tools Lite
2013-08-06 19:48 - 2012-08-05 08:47 - 00000000 ____D C:\Windows\Minidump
2013-08-06 19:48 - 2011-02-22 03:19 - 00000000 ____D C:\Windows\Panther
2013-08-06 19:44 - 2013-08-06 19:44 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-06 19:44 - 2013-08-06 19:44 - 00000000 ____D C:\Program Files\CCleaner
2013-08-06 19:44 - 2013-08-06 19:43 - 04429440 _____ (Piriform Ltd) C:\Users\JP\Downloads\ccsetup404.exe
2013-08-06 19:43 - 2013-08-06 19:42 - 00000000 ____D C:\Users\JP\AppData\Roaming\Foxit Software
2013-08-06 19:42 - 2013-08-06 19:42 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-08-06 19:41 - 2013-08-06 19:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-06 19:40 - 2013-08-06 19:41 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-06 19:40 - 2013-08-06 19:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-06 19:40 - 2013-08-06 19:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-06 19:40 - 2012-07-03 13:29 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-06 19:40 - 2012-07-03 13:29 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-06 19:40 - 2012-06-14 10:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-06 19:39 - 2013-08-06 19:39 - 29966088 _____ (Foxit Corporation                                           ) C:\Users\JP\Downloads\FoxitReader606.0722_enu_Setup.exe
2013-08-06 19:39 - 2013-08-06 19:39 - 00903080 _____ (Oracle Corporation) C:\Users\JP\Downloads\chromeinstall-7u25.exe
2013-08-06 19:30 - 2013-02-26 05:59 - 00000000 ____D C:\ProgramData\eMule
2013-08-06 19:29 - 2012-07-03 08:30 - 00000000 ____D C:\ProgramData\Adobe
2013-08-06 19:28 - 2012-06-15 00:10 - 00000000 ____D C:\Users\JP\AppData\Roaming\uTorrent
2013-08-06 19:21 - 2013-08-06 19:21 - 00001268 _____ C:\Users\JP\Desktop\Revo Uninstaller.lnk
2013-08-06 19:21 - 2013-08-06 19:21 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-06 19:18 - 2013-08-06 19:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JP\Downloads\revosetup.exe
2013-08-06 18:39 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-08-06 18:28 - 2013-04-16 03:09 - 00000000 ___RD C:\Users\JP\SkyDrive
2013-08-06 17:40 - 2009-07-13 20:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 17:40 - 2009-07-13 20:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 17:28 - 2009-07-13 18:34 - 64225280 _____ C:\Windows\System32\config\software.bak
2013-08-06 17:28 - 2009-07-13 18:34 - 26738688 _____ C:\Windows\System32\config\system.bak
2013-08-06 17:28 - 2009-07-13 18:34 - 00524288 _____ C:\Windows\System32\config\default.bak
2013-08-06 17:28 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\security.bak
2013-08-06 17:28 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\sam.bak
2013-08-06 15:54 - 2013-08-06 15:54 - 00000000 ____D C:\ProgramData\LockHunter
2013-08-06 15:54 - 2013-08-06 15:53 - 01563024 _____ (Crystal Rich, Ltd                                           ) C:\Users\JP\Downloads\lockhuntersetup64_2-0-beta2.exe
2013-08-06 15:54 - 2013-08-02 20:23 - 00000000 ____D C:\Program Files\LockHunter
2013-08-06 15:47 - 2013-08-06 15:47 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Downloads\JRT (1).exe
2013-08-06 15:42 - 2013-06-08 17:08 - 00001904 _____ C:\Users\JP\Desktop\Dashlane.lnk
2013-08-06 15:42 - 2013-06-08 17:02 - 00000000 ____D C:\Users\JP\AppData\Roaming\Dashlane
2013-08-06 15:40 - 2013-08-06 15:40 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 15:39 - 2013-08-06 15:40 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Desktop\JRT.exe
2013-08-06 15:39 - 2013-08-06 15:39 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\JP\Downloads\JRT.exe
2013-08-06 15:36 - 2013-08-06 15:35 - 00003315 _____ C:\AdwCleaner[S1].txt
2013-08-06 15:34 - 2013-08-06 15:35 - 00666633 _____ C:\Users\JP\Desktop\AdwCleaner.exe
2013-08-06 15:34 - 2013-08-06 15:34 - 00666633 _____ C:\Users\JP\Downloads\AdwCleaner.exe
2013-08-06 08:51 - 2013-08-05 04:54 - 00000000 ____D C:\ProgramData\MFAData
2013-08-06 06:31 - 2012-06-14 07:30 - 00000000 ____D C:\users\JP
2013-08-06 02:09 - 2013-08-06 00:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-05 21:26 - 2013-08-05 19:38 - 00000000 ____D C:\Users\JP\AppData\Local\NPE
2013-08-05 19:38 - 2013-08-05 19:38 - 00000000 ____D C:\ProgramData\Norton
2013-08-05 18:19 - 2013-08-05 18:19 - 00000000 ____D C:\Program Files\Bitdefender
2013-08-05 18:19 - 2013-08-05 18:18 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-08-05 18:18 - 2013-08-05 18:17 - 00000000 ____D C:\Users\JP\AppData\Roaming\QuickScan
2013-08-05 14:31 - 2013-08-05 04:54 - 00000000 ____D C:\Users\JP\AppData\Local\Avg2013
2013-08-05 05:00 - 2013-08-05 05:00 - 00000000 ____D C:\Users\JP\AppData\Roaming\TuneUp Software
2013-08-05 05:00 - 2013-08-05 05:00 - 00000000 ____D C:\Users\JP\AppData\Roaming\AVG2013
2013-08-05 04:54 - 2013-08-05 04:54 - 00000000 ____D C:\Users\JP\AppData\Local\MFAData
2013-08-05 04:35 - 2013-08-05 04:35 - 00000745 _____ C:\Users\JP\Downloads\xp_exe_fix.zip
2013-08-05 04:19 - 2013-08-03 00:37 - 00000000 ____D C:\Users\JP\AppData\Local\Flvto Youtube Downloader
2013-08-05 02:37 - 2013-08-05 02:37 - 00000000 ____D C:\Users\JP\AppData\Roaming\Malwarebytes
2013-08-05 02:37 - 2013-08-05 02:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-02 20:23 - 2013-08-02 20:23 - 00000000 ____D C:\Users\JP\AppData\Roaming\LockHunter
2013-07-19 16:13 - 2009-07-13 21:38 - 00067584 ____S C:\Windows\bootstat(550).dat
2013-07-15 18:38 - 2011-12-24 06:41 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 18:38 - 2011-12-24 06:41 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 02:38 - 2013-02-22 01:18 - 00000000 ____D C:\Users\JP\Documents\Calibre Library
2013-07-11 02:07 - 2013-07-11 02:07 - 02351064 _____ C:\Users\JP\Downloads\Churchill-Iii.TheAgeOfRevolution_.epub
2013-07-11 02:07 - 2013-07-11 02:07 - 01954055 _____ C:\Users\JP\Downloads\Churchill-I.Birth_of_britain.epub
2013-07-11 02:07 - 2013-07-11 02:07 - 01744492 _____ C:\Users\JP\Downloads\Churchill-Iv.The_great_democracies.epub
2013-07-11 02:07 - 2013-07-11 02:07 - 01406978 _____ C:\Users\JP\Downloads\Churchill-Ii.The_new_world.epub
2013-07-11 01:59 - 2013-07-11 01:59 - 04843323 _____ C:\Users\JP\Downloads\pg3090.mobi
2013-07-11 01:25 - 2013-07-11 01:25 - 00000000 ____D C:\Users\JP\Downloads\JK
2013-07-11 01:24 - 2013-07-11 01:24 - 00982512 _____ C:\Users\JP\Downloads\JK.zip
 
Files to move or delete:
====================
C:\ProgramData\QuickTimeInstaller.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4010.14 MB
Available physical RAM: 3390.02 MB
Total Pagefile: 4008.34 MB
Available Pagefile: 3386.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:654.69 GB) (Free:275.09 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.69 GB) NTFS (Disk=0 Partition=4)
Drive g: () (Removable) (Total:7.45 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E8393456)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 682A361C)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)
 
 
LastRegBack: 2013-08-02 02:58
 
==================== End Of Log ============================

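The scan report above follows FRST's section layout: a `==== Section ====` header, then one line per check, with `=> MD5 is legit` for verified system binaries and `=> OK` for the `.exe` association keys. When a report is long, a responder wants the handful of lines that do not say `legit` or `OK`. The following triage helper is an added example (not part of this thread and not FRST's own code): it splits a report into sections and returns only the file-check and association lines that need attention. The sample report embedded in it is constructed for the example, including a section name, a bad MD5 verdict and a hijacked `open\command` value that do not appear in the log above.

```python
"""Triage helper for FRST-style scan reports.

Added example, not FRST's own code. Parses the '==== SECTION ====' layout
shown in the thread's log and flags the lines a responder reads first:
system files whose MD5 verdict is anything other than 'legit', and .exe
association keys whose status is not 'OK'. SAMPLE_REPORT is constructed for
this example; the section name, the 'not legit' verdict and the wrapper.exe
value are not from the thread.
"""

import re

# '==================== Memory info ===========================' -> 'Memory info'
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# 'C:\Windows\System32\svchost.exe => MD5 is legit'
MD5_RE = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")
# 'HKLM\...\exefile\open\command: "%1" %* => OK'
ASSOC_RE = re.compile(r"^(?P<key>HKLM\\.+?): (?P<value>.+?) => (?P<status>\S+)$")

# Constructed sample in the same layout as the thread's log.
SAMPLE_REPORT = r"""
==================== File Check =============================

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is not legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "C:\Temp\wrapper.exe" "%1" %* => ATTENTION

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E8393456)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

==================== End Of Log ============================
"""


def parse_sections(report):
    """Return {section name: [non-blank lines in that section]}."""
    sections = {}
    current = None
    for line in report.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).strip("= ")
            if not name:          # a bare '=====' separator inside a section
                continue
            current = name
            sections[current] = []
            continue
        if current is not None and line.strip():
            sections[current].append(line)
    return sections


def triage(report):
    """Return (kind, subject, detail) tuples for every line that is not clean."""
    findings = []
    for lines in parse_sections(report).values():
        for line in lines:
            m = MD5_RE.match(line)
            if m:
                if m.group("verdict").strip().lower() != "legit":
                    findings.append(("md5", m.group("path"), m.group("verdict")))
                continue
            m = ASSOC_RE.match(line)
            if m and m.group("status") != "OK":
                findings.append(("assoc", m.group("key"), m.group("value")))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_REPORT):
        print(f"[{kind}] {subject}: {detail}")
```

Run against the thread's own log (all `legit` / `OK`) the helper returns an empty list; on the constructed sample it returns the modified `userinit.exe` entry and the rewritten `open\command` value, which is the same pair of facts a reviewer would pull out of the report by eye.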

#22 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,351 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 AM

Posted 07 August 2013 - 11:11 PM



Hello Cetadon



Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

 
LastRegBack: 2013-08-02 02:58
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#23 Cetadon

Cetadon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 07 August 2013 - 11:48 PM

And we're back! All is looking well.

 

Thanks for sticking with me.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2013

Ran by SYSTEM at 2013-08-08 13:41:30 Run:3
Running from G:\
Boot Mode: Recovery
==============================================
 
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====


#24 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,351 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 AM

Posted 08 August 2013 - 12:13 AM

OK, check things over for a day and let me know how things are.


gringo

#25 Cetadon

Cetadon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 11 August 2013 - 03:47 AM

Hi Gringo,

 

Everything seems to be working perfectly.

 

Thanks again for all your effort. You're awesome.



#26 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,351 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 AM

Posted 11 August 2013 - 10:38 AM

You are more than welcome, and glad I was able to help.


gringo

#27 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,351 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 AM

Posted 14 August 2013 - 09:31 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

