Jump to content

freakstyle

Honorary Members
 View Profile  See their activity

  • Posts

    58

  • Joined

  • Last visited

 Content Type 

Everything posted by freakstyle

  1. freakstyle
    You can close it as of the moment. I'll PM you back when im ready. I'm having issues.
  2. freakstyle
    ok. please dont close this topic. as of the moment im having a hard time of finding my flashdrive.
  3. freakstyle
    or a bootable USB?
  4. freakstyle
    i mean virtual clone drive?
  5. freakstyle
    can i use a virtual disk instead?
  6. freakstyle
    yes I ran fixdamage and yes I rebooted MiniToolBox by Farbar Version: 06-07-2014Ran by asus (administrator) on 19-07-2014 at 12:37:05Running from "C:\Users\asus\Downloads"Microsoft Windows 7 Ultimate Service Pack 1 (X64)Boot Mode: Normal*************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled.No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset.========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Connected)VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected) # ----------------------------------# IPv4 Configuration# ----------------------------------pushd interface ipv4 resetset global icmpredirects=enabledadd address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0 popd# End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : asus-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : domain.name Ethernet adapter Local Area Connection* 12: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter #2 Physical Address. . . . . . . . . : 00-FF-71-33-12-CC DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter Physical Address. . . . . . . . . : 00-FF-E3-F8-EC-DC DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) Physical Address. . . . . . . . . : 74-2F-68-A0-54-21 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : domain.name Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter Physical Address. . . . . . . . . : 74-2F-68-9F-B9-C9 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::bc17:7caf:a59e:2c1a%12(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Saturday, July 19, 2014 12:32:30 PM Lease Expires . . . . . . . . . . : Sunday, July 20, 2014 12:32:30 PM Default Gateway . . . . . . . . . : fe80::9261:cff:fe19:823d%12 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 309604200 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-08-B5-42-50-46-5D-E7-0F-90 DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 50-46-5D-E7-0F-90 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter VirtualBox Host-Only Network: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter Physical Address. . . . . . . . . : 08-00-27-00-80-D5 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::6854:9ccb:178a:7a54%18(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : DHCPv6 IAID . . . . . . . . . . . : 638058535 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-08-B5-42-50-46-5D-E7-0F-90 DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.{2DE387AB-5002-4B7B-9E5F-E6379D2A5211}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.domain.name: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : domain.name Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{E3F8ECDC-7CB3-443B-822C-F521EC1CCEF6}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{7D5E7FC1-3AC5-4FF8-B022-9445B871EA1F}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{713312CC-7852-4F17-9C7F-4B1400CDC434}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{FDC214AC-C951-4BC8-BC41-140DF442D7C1}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : YesServer: google-public-dns-a.google.comAddress: 8.8.8.8 Name: google.comAddresses: 2404:6800:4004:800::1006 173.194.126.163 173.194.126.168 173.194.126.165 173.194.126.167 173.194.126.169 173.194.126.160 173.194.126.174 173.194.126.161 173.194.126.162 173.194.126.166 173.194.126.164 Pinging google.com [173.194.38.78] with 32 bytes of data:Request timed out.Request timed out. Ping statistics for 173.194.38.78: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),DNS request timed out. timeout was 2 seconds.Server: UnKnownAddress: 8.8.8.8 Name: yahoo.comAddresses: 98.139.183.24 98.138.253.109 206.190.36.45 Pinging yahoo.com [98.139.183.24] with 32 bytes of data:Reply from 98.139.183.24: bytes=32 time=432ms TTL=50Reply from 98.139.183.24: bytes=32 time=1306ms TTL=50 Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 432ms, Maximum = 1306ms, Average = 869ms Pinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================Interface List 17...00 ff 71 33 12 cc ......Anchorfree HSS VPN Adapter #2 16...00 ff e3 f8 ec dc ......Anchorfree HSS VPN Adapter 13...74 2f 68 a0 54 21 ......Bluetooth Device (Personal Area Network) 12...74 2f 68 9f b9 c9 ......Atheros AR9002WB-1NG Wireless Network Adapter 11...50 46 5d e7 0f 90 ......Realtek PCIe GBE Family Controller 18...08 00 27 00 80 d5 ......VirtualBox Host-Only Ethernet Adapter 1...........................Software Loopback Interface 1 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6=========================================================================== IPv4 Route Table===========================================================================Active Routes:Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.8 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 169.254.0.0 255.255.0.0 On-link 192.168.56.1 30 169.254.255.255 255.255.255.255 On-link 192.168.56.1 276 192.168.1.0 255.255.255.0 On-link 192.168.1.8 281 192.168.1.8 255.255.255.255 On-link 192.168.1.8 281 192.168.1.255 255.255.255.255 On-link 192.168.1.8 281 192.168.56.0 255.255.255.0 On-link 192.168.56.1 276 192.168.56.1 255.255.255.255 On-link 192.168.56.1 276 192.168.56.255 255.255.255.255 On-link 192.168.56.1 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.56.1 276 224.0.0.0 240.0.0.0 On-link 192.168.1.8 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.56.1 276 255.255.255.255 255.255.255.255 On-link 192.168.1.8 281===========================================================================Persistent Routes: None IPv6 Route Table===========================================================================Active Routes: If Metric Network Destination Gateway 12 281 ::/0 fe80::9261:cff:fe19:823d 1 306 ::1/128 On-link 18 276 fe80::/64 On-link 12 281 fe80::/64 On-link 18 276 fe80::6854:9ccb:178a:7a54/128 On-link 12 281 fe80::bc17:7caf:a59e:2c1a/128 On-link 1 306 ff00::/8 On-link 18 276 ff00::/8 On-link 12 281 ff00::/8 On-link===========================================================================Persistent Routes: None========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors:==================Error: (07/19/2014 00:34:05 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2014 00:32:47 PM) (Source: Winlogon) (User: )Description: Windows license activation failed. Error 0x80070005. Error: (07/18/2014 09:06:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). Error: (07/18/2014 08:41:39 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2014 08:40:19 PM) (Source: Winlogon) (User: )Description: Windows license activation failed. Error 0x80070005. Error: (07/18/2014 08:25:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist. . Error: (07/18/2014 08:25:11 PM) (Source: Microsoft-Windows-CAPI2) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). Error: (07/18/2014 05:43:23 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2014 05:41:56 PM) (Source: Winlogon) (User: )Description: Windows license activation failed. Error 0x80070005. Error: (07/18/2014 04:00:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). System errors:=============Error: (07/18/2014 09:00:31 PM) (Source: Service Control Manager) (User: )Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (07/18/2014 09:00:31 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (07/18/2014 05:53:21 PM) (Source: DCOM) (User: )Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} Error: (07/18/2014 05:41:43 PM) (Source: EventLog) (User: )Description: The previous system shutdown at 5:39:22 PM on ‎7/‎18/‎2014 was unexpected. Error: (07/18/2014 03:58:35 PM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)Description: The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-LanguagePackSetup/Operational. Error: (07/17/2014 08:27:08 PM) (Source: DCOM) (User: asus-PC)Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}asus-PCGuestS-1-5-21-1210325367-195732664-3179361299-501LocalHost (Using LRPC) Error: (07/17/2014 00:54:24 PM) (Source: DCOM) (User: )Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (User: )Description: The Network List Service service failed to start due to the following error: %%1069 Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (User: )Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (User: )Description: The Human Interface Device Access service failed to start due to the following error: %%1115 Microsoft Office Sessions:=========================Error: (07/19/2014 00:34:05 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2014 00:32:47 PM) (Source: Winlogon)(User: )Description: 0x800700050x00000000 Error: (07/18/2014 09:06:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) Error: (07/18/2014 08:41:39 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2014 08:40:19 PM) (Source: Winlogon)(User: )Description: 0x800700050x00000000 Error: (07/18/2014 08:25:20 PM) (Source: Microsoft-Windows-CAPI2)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist. Error: (07/18/2014 08:25:11 PM) (Source: Microsoft-Windows-CAPI2)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) Error: (07/18/2014 05:43:23 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2014 05:41:56 PM) (Source: Winlogon)(User: )Description: 0x800700050x00000000 Error: (07/18/2014 04:00:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) CodeIntegrity Errors:=================================== Date: 2014-07-10 19:20:57.012 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-10 19:20:56.996 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. =========================== Installed Programs ============================µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31227 - BitTorrent Inc.)Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) HiddenAdobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) HiddenAdobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) HiddenAdobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAdobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) HiddenAdobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) HiddenAdobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) HiddenAdobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) HiddenAdobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) HiddenAdobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) HiddenAdobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) HiddenAdobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdvertising Center (x32 Version: 0.0.0.1 - Nero AG) HiddenAsmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version: - Cisco Systems, Inc.)CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - EN (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.661 - Corel Corporation)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)CyberLink YouCam 5 (x32 Version: 5.0.0909 - CyberLink Corp.) HiddenDolbyFiles (x32 Version: 0.1 - Nero AG) HiddenDota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) HiddenGreenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)ImagXpress (x32 Version: 7.0.74.0 - Nero AG) HiddenIntel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)K-Lite Mega Codec Pack 10.4.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.5 - )Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) HiddenMicrosoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)Movie Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) HiddenMozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) HiddenNero 9 Essentials (HKLM-x32\...\{1d54a3c6-3b28-4cbc-bec7-cd67fe438563}) (Version: - Nero AG)Nero BurnRights (x32 Version: 3.4.11.100 - Nero AG) HiddenNero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) HiddenNero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) HiddenNero CoverDesigner (x32 Version: 4.4.9.100 - Nero AG) HiddenNero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) HiddenNero DiscSpeed (x32 Version: 5.4.11.100 - Nero AG) HiddenNero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) HiddenNero DriveSpeed (x32 Version: 4.4.11.100 - Nero AG) HiddenNero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) HiddenNero Express Help (x32 Version: 9.6.2.101 - Nero AG) HiddenNero InfoTool (x32 Version: 6.4.11.100 - Nero AG) HiddenNero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) HiddenNero Installer (x32 Version: 4.4.9.0 - Nero AG) HiddenNero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) HiddenNero ShowTime (x32 Version: 5.4.0.100 - Nero AG) HiddenNero ShowTime (x32 Version: 5.4.13.100 - Nero AG) HiddenNero StartSmart (x32 Version: 9.4.12.100 - Nero AG) HiddenNero StartSmart Help (x32 Version: 9.4.12.100 - Nero AG) HiddenNero Vision (x32 Version: 6.4.12.100 - Nero AG) HiddenNero Vision Help (x32 Version: 6.4.8.100 - Nero AG) HiddenNeroExpress (x32 Version: 9.4.17.100 - Nero AG) Hiddenneroxml (x32 Version: 1.0.0 - Nero AG) HiddenNotepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) HiddenNVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) HiddenNVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) HiddenOracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenproDAD Mercalli 3.0 (64bit) (HKLM\...\proDAD-Mercalli-3.0) (Version: 3.0.215.1 - proDAD GmbH)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd)RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044.14 - Samsung Electronics Co., Ltd.)Samsung Kies (x32 Version: 2.6.3.14044.14 - Samsung Electronics Co., Ltd.) HiddenSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated)System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)TP-LINK Wireless Client Utility (HKLM-x32\...\{C1EB6825-9339-4B18-99B0-C455B2288FF9}) (Version: 1.00.4323 - TP-LINK TECHNOLOGIES CO., LTD.)USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab)Vegas Pro 10.0 (64-bit) (HKLM\...\{C616FD4F-11F5-11E0-A38F-0013D3D69929}) (Version: 10.0.470 - Sony)VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)Visual Basic for Applications ® Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) HiddenVisual Basic for Applications ® Core (x32 Version: 6.4.99.69 - Microsoft Corporation) HiddenVLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)WinRAR 5.10 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)YTD Video Downloader 4.4 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.4 - GreenTree Applications SRL) ========================= Devices: ================================ Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ========================= Memory info: =================================== Percentage of memory in use: 48%Total physical RAM: 6054.63 MBAvailable physical RAM: 3118.67 MBTotal Pagefile: 12107.46 MBAvailable Pagefile: 8760.46 MBTotal Virtual: 4095.88 MBAvailable Virtual: 3976.32 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:195.21 GB) (Free:48.43 GB) NTFS2 Drive d: () (Fixed) (Total:270.45 GB) (Free:182.01 GB) NTFS ========================= Users: ======================================== User accounts for \\ASUS-PC Administrator asus Guest UpdatusUser ========================= Minidump Files ================================== No minidump file found **** End of log ****
  7. freakstyle
    no rootkits detected: Malwarebytes Anti-Rootkit BETA 1.07.0.1012www.malwarebytes.org Database version: v2014.07.18.04 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514asus :: ASUS-PC [administrator] 7/18/2014 8:19:21 PMmbar-log-2014-07-18 (20-19-21).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 371589Time elapsed: 12 minute(s), 13 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1012 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 8.0.7601.17514 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.195000 GHzMemory total: 6348742656, free: 3530526720 Downloaded database version: v2014.07.18.04Downloaded database version: v2014.07.17.01=======================================Initializing...Done!Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...Done!Drive 0This is a System driveScanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: F5BE972F Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 409395200 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409602048 Numsec = 567169024 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...Removal finished
  8. freakstyle
    but I always use the most updated java. I wont install java just yet. aaand. Taskmanager and Regedit is still disabled. it still only works every scan of combofix. but comes back to being disabled after every reboot.
  9. freakstyle
    by the way. can I redownload java now?
  10. freakstyle
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01 Ran by asus at 2014-07-17 12:46:22 Running from C:\Users\asus\Documents Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31227 - BitTorrent Inc.) Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated) Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications) CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform) Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version: - Cisco Systems, Inc.) CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.661 - Corel Corporation) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.) CyberLink YouCam 5 (x32 Version: 5.0.0909 - CyberLink Corp.) Hidden DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden Greenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation) K-Lite Mega Codec Pack 10.4.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.5 - ) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Movie Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden Nero 9 Essentials (HKLM-x32\...\{1d54a3c6-3b28-4cbc-bec7-cd67fe438563}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.11.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.11.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.11.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.11.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.12.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.12.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.8.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.17.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team) NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden NVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation) PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden proDAD Mercalli 3.0 (64bit) (HKLM\...\proDAD-Mercalli-3.0) (Version: 3.0.215.1 - proDAD GmbH) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.) Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd) RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044.14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044.14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) TP-LINK Wireless Client Utility (HKLM-x32\...\{C1EB6825-9339-4B18-99B0-C455B2288FF9}) (Version: 1.00.4323 - TP-LINK TECHNOLOGIES CO., LTD.) USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab) Vegas Pro 10.0 (64-bit) (HKLM\...\{C616FD4F-11F5-11E0-A38F-0013D3D69929}) (Version: 10.0.470 - Sony) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) Visual Basic for Applications ® Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual Basic for Applications ® Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation) WinRAR 5.10 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) YTD Video Downloader 4.4 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.4 - GreenTree Applications SRL) ==================== Restore Points ========================= 06-07-2014 04:57:32 Installed DirectX 09-07-2014 23:57:38 Windows Update 13-07-2014 03:27:35 Removed BlueStacks Notification Center 13-07-2014 03:27:54 Removed BlueStacks Notification Center 13-07-2014 09:06:20 Windows Update 15-07-2014 09:26:26 Removed BlueStacks Notification Center 15-07-2014 09:45:51 Installed BlueStacks App Player 15-07-2014 10:17:23 Removed BlueStacks App Player 16-07-2014 08:13:25 Removed Java 7 Update 55 ==================== Hosts content: ========================== 2009-07-14 10:34 - 2014-07-10 19:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {DE58F856-F4A7-4F4A-9625-A9BBB0CC21D0} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: {EEB2D0C5-1880-469D-B779-A670B1146D6C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-18] (Piriform Ltd) ==================== Loaded Modules (whitelisted) ============= 2014-05-17 15:40 - 2013-11-11 23:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-05-12 17:49 - 2014-05-12 17:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2014-05-17 14:16 - 2011-03-04 17:40 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll 2014-05-17 14:13 - 2011-10-22 00:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-05-20 18:22 - 2014-06-27 22:47 - 00598072 _____ () C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-05-20 18:22 - 2014-06-27 22:47 - 36966968 _____ () C:\Users\asus\AppData\Roaming\Spotify\Data\libcef.dll 2014-06-03 18:39 - 2011-02-04 08:47 - 00522752 _____ () C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\sqlite3.dll 2014-05-17 15:46 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll 2014-06-13 11:22 - 2014-06-05 21:58 - 00716616 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-06-13 11:22 - 2014-06-05 21:58 - 00126280 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-06-13 11:22 - 2014-06-05 21:58 - 04217672 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-13 11:22 - 2014-06-05 21:58 - 00414536 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-13 11:22 - 2014-06-05 21:58 - 01732424 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-06-20 11:11 - 2009-01-05 14:54 - 00212992 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\dot1x_dll.dll 2014-06-20 11:11 - 2009-01-05 14:54 - 00045056 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWLAN.dll 2014-05-20 18:22 - 2014-06-27 22:47 - 00886840 _____ () C:\Users\asus\AppData\Roaming\Spotify\Data\libglesv2.dll 2014-05-20 18:22 - 2014-06-27 22:46 - 00108600 _____ () C:\Users\asus\AppData\Roaming\Spotify\Data\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/17/2014 00:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). Error: (07/17/2014 00:46:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). Error: (07/17/2014 00:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2014 00:42:15 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (07/17/2014 00:38:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). Error: (07/17/2014 00:25:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). Error: (07/17/2014 11:24:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2014 11:23:22 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (07/16/2014 09:06:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2014 09:05:58 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. System errors: ============= Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Network List Service service failed to start due to the following error: %%1069 Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Human Interface Device Access service failed to start due to the following error: %%1115 Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Portable Device Enumerator Service service failed to start due to the following error: %%1115 Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Diagnostic Service Host service failed to start due to the following error: %%1069 Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (07/17/2014 00:41:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Server service terminated with the following error: %%13 Error: (07/17/2014 00:41:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Network List Service service failed to start due to the following error: %%1069 Error: (07/17/2014 00:41:04 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%1352 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (07/17/2014 00:41:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: %%1069 Microsoft Office Sessions: ========================= Error: (07/17/2014 00:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) Error: (07/17/2014 00:46:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) Error: (07/17/2014 00:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2014 00:42:15 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (07/17/2014 00:38:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) Error: (07/17/2014 00:25:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) Error: (07/17/2014 11:24:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2014 11:23:22 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (07/16/2014 09:06:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2014 09:05:58 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 CodeIntegrity Errors: =================================== Date: 2014-07-10 19:20:57.012 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-10 19:20:56.996 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 6054.63 MB Available physical RAM: 3041.48 MB Total Pagefile: 12107.46 MB Available Pagefile: 8721.52 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:48.69 GB) NTFS Drive d: () (Fixed) (Total:270.45 GB) (Free:182.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F5BE972F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  11. freakstyle
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01 Ran by asus (administrator) on ASUS-PC on 17-07-2014 12:45:02 Running from C:\Users\asus\Documents Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Greenshot) C:\Program Files\Greenshot\Greenshot.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (Spotify Ltd) C:\Users\asus\AppData\Roaming\Spotify\spotify.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Spotify Ltd) C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (PhrozenSoft) C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (TP-LINK TECHNOLOGIES CO., LTD.) C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe () C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-04] (Synaptics Incorporated) HKLM\...\Run: [synAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-04] (Synaptics Incorporated) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [uSB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [687336 2013-06-20] (Zbshareware Lab) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [ZDWlan.EXE] => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE [491520 2009-01-14] (TP-LINK TECHNOLOGIES CO., LTD.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [spotify] => C:\Users\asus\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-27] (Spotify Ltd) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [spotify Web Helper] => C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-27] (Spotify Ltd) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [Phrozen Mon_KP] => C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe [3282952 2013-09-14] (PhrozenSoft) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D] => C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableRegistryTools] 1 HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableTaskMgr] 1 HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [spotify] => C:\Users\asus\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-27] (Spotify Ltd) HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [spotify Web Helper] => C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-27] (Spotify Ltd) HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Phrozen Keylogger Lite] => [X] AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{286E8104-AF52-4A20-B140-126F536CB219}: [NameServer]8.8.8.8,8.8.4.4 FireFox: ======== FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR HomePage: hxxp://google.com/ CHR StartupUrls: "hxxp://www.linkzb.com" CHR Extension: (Google Docs) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17] CHR Extension: (Google Drive) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23] CHR Extension: (YouTube) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-17] CHR Extension: (Google Search) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17] CHR Extension: (Rescroller) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod [2014-05-20] CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-05-20] CHR Extension: (AdBlock) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-20] CHR Extension: (Google Keep - notes and lists) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-05-20] CHR Extension: (Web Navigation) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja [2014-05-19] CHR Extension: (Twitch Now) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2014-05-20] CHR Extension: (Google Wallet) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19] CHR Extension: (Gmail) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-17] CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-05-17] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed] R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-06-11] (Macrovision Europe Ltd.) [File not signed] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-05-17] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-06] (Atheros Communications, Inc.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43104 2013-10-10] (IVT Corporation.) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-07] (AnchorFree Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-07] (Anchorfree Inc.) S3 ZD1211BU(TP-LINK); C:\Windows\System32\DRIVERS\zd1211Bu.sys [602880 2009-01-05] (Atheros Technology Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-17 12:42 - 2014-07-17 12:42 - 00000000 ___RD () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-07-17 12:42 - 2014-07-17 12:42 - 00000000 ____H () C:\ProgramData\cm-lock 2014-07-16 17:42 - 2014-07-16 17:42 - 00448512 _____ (OldTimer Tools) C:\Users\asus\Downloads\TFC.exe 2014-07-16 17:41 - 2014-07-16 17:41 - 00004454 _____ () C:\JavaRa.log 2014-07-16 17:40 - 2014-07-16 17:40 - 00000000 ____D () C:\Users\asus\Desktop\RemoveJava 2014-07-16 17:39 - 2014-07-16 17:39 - 00165483 _____ () C:\Users\asus\Downloads\JavaRa-1.16-28-5-13.zip 2014-07-16 12:50 - 2014-07-16 12:50 - 00115209 _____ () C:\Users\asus\Desktop\AutoRuns.zip 2014-07-16 12:49 - 2014-07-16 12:49 - 02820792 _____ () C:\Users\asus\Desktop\AutoRuns.arn 2014-07-16 12:42 - 2014-07-16 12:42 - 00591040 _____ (Sysinternals - www.sysinternals.com) C:\Users\asus\Desktop\autoruns.exe 2014-07-16 12:41 - 2014-07-16 12:42 - 00030936 _____ () C:\Users\asus\Documents\Addition.txt 2014-07-16 12:38 - 2014-07-17 12:45 - 00016377 _____ () C:\Users\asus\Documents\FRST.txt 2014-07-15 21:51 - 2014-07-15 21:51 - 00019744 _____ () C:\ComboFix.txt 2014-07-15 21:34 - 2014-07-15 21:34 - 00020271 _____ () C:\Users\asus\Desktop\combofixhahaha.txt 2014-07-15 17:33 - 2014-07-15 17:33 - 00013701 _____ () C:\Users\asus\Downloads\[kickass.to]bluestacks.app.player.0.8.7.3066.android.4.0.4.mod.torrent 2014-07-15 13:01 - 2014-07-15 13:01 - 00064657 _____ () C:\Users\asus\Downloads\[kickass.to]the.woman.2011.bluray.720p.800mb.ganool.torrent 2014-07-15 12:58 - 2014-07-15 12:58 - 00014807 _____ () C:\Users\asus\Downloads\[kickass.to]the.silent.house.2010.dvd.rip.xvid.stb.torrent 2014-07-15 12:41 - 2014-07-15 12:41 - 00153206 _____ () C:\Users\asus\Downloads\[kickass.to]the.innkeepers.2011.ita.eng.bluray.720p.x264.trl.torrent 2014-07-15 12:31 - 2014-07-15 12:31 - 00057106 _____ () C:\Users\asus\Downloads\[kickass.to]the.orphanage.el.orfanato.2007.dvdrip.eng.hard.subs.axxo.torrent 2014-07-15 12:08 - 2014-07-15 12:08 - 00097618 _____ () C:\Users\asus\Downloads\[kickass.to]harry.potter.series.1.7.1080p.bluray.qebs.aac.ps3.mp4.fasm.torrent 2014-07-15 12:07 - 2014-07-15 12:07 - 00000812 _____ () C:\Users\asus\Desktop\µTorrent.lnk 2014-07-15 12:07 - 2014-07-15 12:07 - 00000792 _____ () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-07-14 22:12 - 2014-07-14 22:12 - 00086819 _____ () C:\Users\asus\Downloads\[kickass.to]brett.manning.s.singing.success.torrent 2014-07-13 22:20 - 2014-07-13 22:20 - 00002242 _____ () C:\Users\asus\Desktop\aswMBR.txt 2014-07-13 22:20 - 2014-07-13 22:20 - 00000512 _____ () C:\Users\asus\Desktop\MBR.dat 2014-07-13 21:26 - 2014-07-13 21:27 - 05185536 _____ (AVAST Software) C:\Users\asus\Downloads\aswmbr.exe 2014-07-11 13:01 - 2014-07-11 13:02 - 00275608 _____ () C:\Users\asus\Downloads\photo (2).htm 2014-07-11 13:01 - 2014-07-11 13:01 - 00275742 _____ () C:\Users\asus\Downloads\photo (1).htm 2014-07-10 19:13 - 2014-07-15 21:51 - 00000000 ____D () C:\Qoobox 2014-07-10 19:13 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-07-10 19:13 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-07-10 19:13 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-07-10 19:13 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-07-10 19:13 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-07-10 19:13 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe 2014-07-10 19:13 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe 2014-07-10 19:13 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe 2014-07-10 19:12 - 2014-07-10 19:23 - 00000000 ____D () C:\Windows\erdnt 2014-07-10 18:08 - 2014-07-15 20:11 - 05220800 ____R (Swearware) C:\Users\asus\Desktop\ComboFix.exe 2014-07-09 19:45 - 2014-07-16 12:37 - 00000000 ____D () C:\Users\asus\Downloads\FRST-OlderVersion 2014-07-09 13:19 - 2014-07-09 13:19 - 02347384 _____ (ESET) C:\Users\asus\Downloads\esetsmartinstaller_enu.exe 2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-09 12:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-09 12:37 - 2014-07-09 12:52 - 00000000 ____D () C:\AdwCleaner 2014-07-09 12:36 - 2014-07-09 12:36 - 01348263 _____ () C:\Users\asus\Downloads\AdwCleaner.exe 2014-07-09 12:35 - 2014-07-15 20:40 - 00000000 ____D () C:\Users\asus\Desktop\scans 2014-07-09 12:35 - 2014-07-09 12:35 - 00001756 _____ () C:\Users\asus\Desktop\JRT.txt 2014-07-09 12:23 - 2014-07-09 12:23 - 00000000 ____D () C:\Windows\ERUNT 2014-07-09 12:20 - 2014-07-09 12:21 - 01016261 _____ (Thisisu) C:\Users\asus\Downloads\JRT.exe 2014-07-07 06:18 - 2014-07-07 06:18 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-07-05 21:29 - 2014-07-05 21:29 - 00000000 ____D () C:\Users\Guest\Documents\My Games 2014-07-05 20:47 - 2014-07-05 20:47 - 00000284 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts.sfl 2014-07-05 20:33 - 2014-07-05 20:47 - 375570432 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts 2014-07-05 20:01 - 2014-07-05 20:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NVIDIA 2014-07-05 19:57 - 2014-07-05 19:57 - 00000028 _____ () C:\Users\Guest\Desktop\SDE.avi.sfl 2014-07-05 19:41 - 2014-07-05 19:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\MPC-HC 2014-07-05 19:39 - 2014-07-05 19:39 - 00000036 _____ () C:\Users\Guest\Desktop\Martha SDE.avi.sfl 2014-07-05 17:31 - 2014-07-05 17:31 - 00000000 ____D () C:\Users\Guest\AppData\Local\proDAD_GmbH 2014-07-05 10:16 - 2014-07-05 10:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps 2014-07-05 09:57 - 2014-07-06 01:05 - 00000158 _____ () C:\Users\Guest\AppData\Roaming\default.rss 2014-07-05 09:56 - 2014-07-05 19:59 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc 2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Nero 2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Nero 2014-07-05 09:55 - 2014-07-05 20:53 - 00000000 ____D () C:\Users\Guest\Desktop\Martha 2014-07-04 22:28 - 2014-07-04 22:28 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Publish Providers 2014-07-04 22:27 - 2014-07-04 22:27 - 00001062 _____ () C:\Users\Guest\Desktop\Vegas Pro 10.0 (64-bit).lnk 2014-07-04 22:27 - 2014-07-04 22:27 - 00000000 ____D () C:\Users\Guest\AppData\Local\Sony 2014-07-04 21:59 - 2014-07-04 21:59 - 00000000 ____D () C:\Users\asus\Documents\fkl-setup 2014-07-04 21:58 - 2014-07-04 21:58 - 00275888 _____ () C:\Users\asus\Documents\fkl-setup.zip 2014-07-04 12:53 - 2014-07-04 12:53 - 00006730 _____ () C:\Users\asus\Desktop\RKreport_SCN_07042014_125245.log 2014-07-04 12:46 - 2014-07-04 12:46 - 05283416 _____ () C:\Users\asus\Downloads\RogueKillerX64.exe 2014-07-04 12:41 - 2014-07-04 12:41 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-04 12:40 - 2014-07-04 12:41 - 04721240 _____ () C:\Users\asus\Downloads\RogueKiller.exe 2014-07-04 12:16 - 2014-07-04 12:17 - 00031049 _____ () C:\Users\asus\Downloads\Addition.txt 2014-07-04 12:15 - 2014-07-09 20:05 - 00060112 _____ () C:\Users\asus\Downloads\FRST.txt 2014-07-04 12:12 - 2014-07-17 12:45 - 00000000 ____D () C:\FRST 2014-07-04 12:09 - 2014-07-16 12:37 - 02086912 _____ (Farbar) C:\Users\asus\Documents\FRST64.exe 2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla 2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla 2014-07-03 22:44 - 2014-07-03 22:44 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Publish Providers 2014-07-03 22:41 - 2014-07-03 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\ProgramData\Sony 2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-07-03 22:29 - 2014-07-03 22:40 - 00000000 ____D () C:\Program Files\Sony 2014-07-03 22:20 - 2014-07-03 22:44 - 00002696 _____ () C:\Users\asus\Documents\Register Vegas Pro.htm 2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Users\asus\AppData\Local\Sony 2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\Users\asus\AppData\Local\proDAD_GmbH 2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\ProgramData\proDAD 2014-07-03 22:11 - 2014-07-03 22:44 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Sony 2014-07-03 22:10 - 2014-07-03 22:10 - 00001110 _____ () C:\Users\Public\Desktop\Mercalli 3.0.lnk 2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Users\asus\AppData\Roaming\proDAD 2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD 2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Program Files\proDAD 2014-07-03 22:09 - 2014-07-03 22:22 - 00000000 ____D () C:\Users\asus\Documents\New folder (2) 2014-07-03 22:08 - 2014-07-04 22:28 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Sony 2014-07-03 22:08 - 2014-07-04 11:16 - 00000000 ____D () C:\Users\Guest\Desktop\x64 2014-07-03 22:08 - 2011-01-27 02:57 - 00002844 _____ () C:\Users\Guest\Desktop\INSTRUCTIONS.txt 2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\Desktop\proDAD Mercalli 3.0.215.1 Standalone (Win32-64) Serial [ChingLiu] 2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WinRAR 2014-07-03 22:07 - 2011-01-27 03:01 - 00000000 ____D () C:\Users\Guest\Desktop\x32 2014-07-03 20:39 - 2014-07-05 23:06 - 00000000 ____D () C:\Users\Guest\Documents\Youcam 2014-07-03 20:39 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\CyberLink 2014-07-03 20:38 - 2014-07-04 22:27 - 00000000 ____D () C:\Users\Guest\Documents\Bluetooth Folder 2014-07-03 20:38 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Greenshot 2014-07-03 20:38 - 2014-07-03 20:38 - 00117592 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-03 20:38 - 2014-07-03 20:38 - 00001443 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-03 20:38 - 2014-07-03 20:38 - 00001409 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Zbshareware Lab 2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\Greenshot 2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\BMExplorer 2014-07-03 20:37 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest 2014-07-03 20:37 - 2014-07-03 20:37 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-07-03 20:37 - 2009-07-14 12:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-03 20:37 - 2009-07-14 12:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-02 11:25 - 2014-07-02 11:25 - 00016500 _____ () C:\Users\asus\Downloads\[kickass.to]super.8.2011.720p.brrip.x264.mp4.multisubs.aac.cc.torrent 2014-06-30 11:43 - 2014-06-30 11:43 - 00013780 _____ () C:\Users\asus\Desktop\com.supercell.clashofclans.cfg - Shortcut.lnk 2014-06-30 07:57 - 2014-06-30 07:57 - 00000000 ____D () C:\Users\asus\AppData\Roaming\NVIDIA 2014-06-29 21:51 - 2014-06-29 21:55 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native_b.exe 2014-06-28 13:00 - 2014-06-28 13:00 - 00056797 _____ () C:\Users\asus\Downloads\[kickass.to]the.haunting.in.connecticut.2.ghosts.of.georgia.2013.french.dvdrip.xvid.tmb.torrent 2014-06-27 20:47 - 2014-06-27 20:47 - 00003467 _____ () C:\Windows\SysWOW64\collectionCache.bnk 2014-06-27 13:21 - 2014-07-10 20:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-06-27 13:21 - 2014-07-10 19:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-06-27 13:21 - 2014-06-27 13:21 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-06-27 13:00 - 2014-06-27 13:03 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\asus\Downloads\spybot-2.3.exe 2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\system32\NV 2014-06-27 07:50 - 2014-06-27 07:50 - 00000967 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-06-27 07:43 - 2014-06-27 07:46 - 29256752 _____ (TeamSpeak Systems GmbH) C:\Users\asus\Downloads\TeamSpeak3-Client-win64-3.0.15.exe 2014-06-26 20:43 - 2014-06-26 20:44 - 00002046 _____ () C:\Users\asus\Desktop\OSRS.lnk 2014-06-26 20:41 - 2014-06-26 20:41 - 00002076 _____ () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk 2014-06-26 20:41 - 2014-06-26 20:41 - 00002046 _____ () C:\Users\asus\Desktop\RuneScape.lnk 2014-06-26 20:41 - 2014-06-26 20:41 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape 2014-06-26 20:39 - 2014-06-29 20:11 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-06-26 20:39 - 2014-06-26 20:40 - 23805952 _____ () C:\Users\asus\Downloads\RuneScape (1).msi 2014-06-26 20:28 - 2014-07-13 11:33 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-06-26 20:24 - 2014-06-26 20:28 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native.exe 2014-06-26 19:15 - 2014-06-26 19:16 - 01653168 _____ () C:\Users\asus\Desktop\Orion.exe 2014-06-26 19:13 - 2014-06-30 21:06 - 00000000 ____D () C:\Users\asus\jagexcache 2014-06-26 19:06 - 2014-06-26 19:11 - 00000000 ____D () C:\Users\asus\Orion 2014-06-23 19:35 - 2014-06-23 19:35 - 00002984 _____ () C:\Windows\System32\Tasks\ATKOSD2 2014-06-23 19:35 - 2014-06-23 19:35 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-06-23 19:30 - 2014-06-23 19:30 - 00001250 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk 2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-06-23 19:28 - 2014-06-23 19:29 - 01640984 _____ () C:\Users\asus\Downloads\SetupVirtualCloneDrive5470.exe 2014-06-23 15:08 - 2014-06-23 15:08 - 00000290 _____ () C:\Users\asus\Documents\vpn kali.txt 2014-06-23 13:30 - 2014-06-23 13:30 - 10432166 _____ () C:\Users\asus\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.10-93012.vbox-extpack 2014-06-23 13:25 - 2014-06-23 13:25 - 00000000 ____D () C:\Users\asus\VirtualBox VMs 2014-06-22 11:05 - 2014-06-22 11:05 - 00025017 _____ () C:\Users\asus\Downloads\[kickass.to]farcry.3.black.box.silvertorrent.torrent 2014-06-21 04:46 - 2014-06-21 04:46 - 00020122 _____ () C:\Users\asus\Downloads\[kickass.to]game.of.thrones.the.complete.season.4.hdtv.torrent 2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\Documents\Square Enix 2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\AppData\Local\SKIDROW 2014-06-20 11:11 - 2014-06-20 11:11 - 00002088 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Client Utility.lnk 2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK 2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\Program Files (x86)\TP-LINK 2014-06-20 11:11 - 2009-01-05 14:54 - 00602880 _____ (Atheros Technology Corporation) C:\Windows\system32\Drivers\ZD1211BU.sys 2014-06-20 11:11 - 2009-01-05 14:54 - 00499712 _____ (Atheros Technology Corporation) C:\Windows\SysWOW64\ZD11BUME.SYS 2014-06-20 11:11 - 2009-01-05 14:54 - 00499712 _____ (Atheros Technology Corporation) C:\Windows\SysWOW64\ZD11BU98.SYS 2014-06-20 11:11 - 2009-01-05 14:54 - 00081920 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\ZDPN50.DLL 2014-06-20 11:11 - 2009-01-05 14:54 - 00031744 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\ZDPSp50a64.sys 2014-06-20 11:11 - 2009-01-05 14:54 - 00031744 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\ZDPSp50a64.sys 2014-06-20 11:11 - 2009-01-05 14:54 - 00029184 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\BRGSp50a64.sys 2014-06-20 11:11 - 2009-01-05 14:54 - 00029184 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\BRGSp50a64.sys 2014-06-20 11:11 - 2009-01-05 14:54 - 00028672 _____ () C:\Windows\SysWOW64\InsDrvZD.dll 2014-06-20 11:11 - 2009-01-05 14:54 - 00024576 _____ () C:\Windows\SysWOW64\ZyDelReg.exe 2014-06-20 11:11 - 2009-01-05 14:54 - 00020608 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\BRGSp50.sys 2014-06-20 11:11 - 2009-01-05 14:54 - 00019524 _____ () C:\Windows\SysWOW64\BRGSp31.VXD 2014-06-20 11:11 - 2009-01-05 14:54 - 00017664 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\ZDPSp50.sys 2014-06-20 11:11 - 2009-01-05 14:54 - 00017151 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\ZDPNDIS5.SYS 2014-06-20 11:11 - 2009-01-05 14:54 - 00015941 _____ () C:\Windows\SysWOW64\ZDPNDIS3.VXD 2014-06-20 11:11 - 2009-01-05 14:54 - 00015872 _____ () C:\Windows\SysWOW64\InsDrvZD64.DLL 2014-06-20 11:11 - 2009-01-05 14:54 - 00015872 _____ () C:\Windows\system32\InsDrvZD64.dll 2014-06-20 11:11 - 2009-01-05 14:54 - 00015428 _____ () C:\Windows\SysWOW64\ZDPSp31.VXD 2014-06-20 11:11 - 2007-06-25 20:29 - 00499712 _____ (Atheros Technology Corporation) C:\Windows\SysWOW64\ZD11BU.SYS 2014-06-20 11:10 - 2009-03-18 15:34 - 00000000 ____D () C:\Users\asus\Documents\Win98_ME_2K_XP_X64 2014-06-20 11:10 - 2009-03-18 15:34 - 00000000 ____D () C:\Users\asus\Documents\Vista 2014-06-20 11:09 - 2014-06-20 11:10 - 06876733 _____ () C:\Users\asus\Documents\2009319153528.zip 2014-06-20 11:00 - 2014-06-20 11:00 - 00225888 _____ (NirSoft) C:\Users\asus\Desktop\c.exe 2014-06-20 11:00 - 2014-06-20 11:00 - 00090720 _____ (NirSoft) C:\Users\asus\Desktop\f.exe 2014-06-20 11:00 - 2014-06-20 11:00 - 00051200 _____ (NirSoft) C:\Users\asus\Desktop\i.exe 2014-06-20 11:00 - 2014-06-20 11:00 - 00000136 _____ () C:\Users\asus\Desktop\launch.bat 2014-06-19 14:05 - 2014-06-19 14:11 - 00000000 ____D () C:\Users\asus\Documents\USB files 2014-06-19 13:52 - 2014-06-20 12:11 - 00000000 ____D () C:\Users\asus\Desktop\POW ==================== One Month Modified Files and Folders ======= 2014-07-17 12:45 - 2014-07-16 12:38 - 00016377 _____ () C:\Users\asus\Documents\FRST.txt 2014-07-17 12:45 - 2014-07-04 12:12 - 00000000 ____D () C:\FRST 2014-07-17 12:45 - 2014-05-18 04:37 - 01773819 _____ () C:\Windows\WindowsUpdate.log 2014-07-17 12:43 - 2014-06-01 16:32 - 00000000 ____D () C:\Users\asus\Documents\Youcam 2014-07-17 12:43 - 2014-05-20 18:16 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Spotify 2014-07-17 12:42 - 2014-07-17 12:42 - 00000000 ___RD () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-07-17 12:42 - 2014-07-17 12:42 - 00000000 ____H () C:\ProgramData\cm-lock 2014-07-17 12:42 - 2014-05-20 09:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-17 12:41 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-17 12:41 - 2009-07-14 12:51 - 00064487 _____ () C:\Windows\setupact.log 2014-07-17 11:47 - 2014-06-03 17:43 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-16 17:51 - 2014-05-17 13:42 - 00000000 ____D () C:\Users\asus 2014-07-16 17:48 - 2014-05-19 18:45 - 00000000 ____D () C:\Users\asus\AppData\Roaming\uTorrent 2014-07-16 17:46 - 2010-11-21 11:47 - 00052016 _____ () C:\Windows\PFRO.log 2014-07-16 17:42 - 2014-07-16 17:42 - 00448512 _____ (OldTimer Tools) C:\Users\asus\Downloads\TFC.exe 2014-07-16 17:41 - 2014-07-16 17:41 - 00004454 _____ () C:\JavaRa.log 2014-07-16 17:40 - 2014-07-16 17:40 - 00000000 ____D () C:\Users\asus\Desktop\RemoveJava 2014-07-16 17:39 - 2014-07-16 17:39 - 00165483 _____ () C:\Users\asus\Downloads\JavaRa-1.16-28-5-13.zip 2014-07-16 12:50 - 2014-07-16 12:50 - 00115209 _____ () C:\Users\asus\Desktop\AutoRuns.zip 2014-07-16 12:49 - 2014-07-16 12:49 - 02820792 _____ () C:\Users\asus\Desktop\AutoRuns.arn 2014-07-16 12:42 - 2014-07-16 12:42 - 00591040 _____ (Sysinternals - www.sysinternals.com) C:\Users\asus\Desktop\autoruns.exe 2014-07-16 12:42 - 2014-07-16 12:41 - 00030936 _____ () C:\Users\asus\Documents\Addition.txt 2014-07-16 12:37 - 2014-07-09 19:45 - 00000000 ____D () C:\Users\asus\Downloads\FRST-OlderVersion 2014-07-16 12:37 - 2014-07-04 12:09 - 02086912 _____ (Farbar) C:\Users\asus\Documents\FRST64.exe 2014-07-15 22:15 - 2014-05-21 22:35 - 00000023 _____ () C:\Users\asus\jagexappletviewer.preferences 2014-07-15 21:51 - 2014-07-15 21:51 - 00019744 _____ () C:\ComboFix.txt 2014-07-15 21:51 - 2014-07-10 19:13 - 00000000 ____D () C:\Qoobox 2014-07-15 21:50 - 2009-07-14 10:34 - 00000250 _____ () C:\Windows\system.ini 2014-07-15 21:34 - 2014-07-15 21:34 - 00020271 _____ () C:\Users\asus\Desktop\combofixhahaha.txt 2014-07-15 21:19 - 2014-05-17 15:13 - 00000000 ____D () C:\Users\asus\AppData\Local\CrashDumps 2014-07-15 20:40 - 2014-07-09 12:35 - 00000000 ____D () C:\Users\asus\Desktop\scans 2014-07-15 20:22 - 2009-07-14 12:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-15 20:22 - 2009-07-14 12:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-15 20:11 - 2014-07-10 18:08 - 05220800 ____R (Swearware) C:\Users\asus\Desktop\ComboFix.exe 2014-07-15 18:18 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-07-15 17:33 - 2014-07-15 17:33 - 00013701 _____ () C:\Users\asus\Downloads\[kickass.to]bluestacks.app.player.0.8.7.3066.android.4.0.4.mod.torrent 2014-07-15 13:01 - 2014-07-15 13:01 - 00064657 _____ () C:\Users\asus\Downloads\[kickass.to]the.woman.2011.bluray.720p.800mb.ganool.torrent 2014-07-15 12:58 - 2014-07-15 12:58 - 00014807 _____ () C:\Users\asus\Downloads\[kickass.to]the.silent.house.2010.dvd.rip.xvid.stb.torrent 2014-07-15 12:41 - 2014-07-15 12:41 - 00153206 _____ () C:\Users\asus\Downloads\[kickass.to]the.innkeepers.2011.ita.eng.bluray.720p.x264.trl.torrent 2014-07-15 12:31 - 2014-07-15 12:31 - 00057106 _____ () C:\Users\asus\Downloads\[kickass.to]the.orphanage.el.orfanato.2007.dvdrip.eng.hard.subs.axxo.torrent 2014-07-15 12:08 - 2014-07-15 12:08 - 00097618 _____ () C:\Users\asus\Downloads\[kickass.to]harry.potter.series.1.7.1080p.bluray.qebs.aac.ps3.mp4.fasm.torrent 2014-07-15 12:07 - 2014-07-15 12:07 - 00000812 _____ () C:\Users\asus\Desktop\µTorrent.lnk 2014-07-15 12:07 - 2014-07-15 12:07 - 00000792 _____ () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-07-15 10:13 - 2014-05-20 18:23 - 00000000 ____D () C:\Users\asus\AppData\Local\Spotify 2014-07-15 10:10 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Vss 2014-07-14 22:12 - 2014-07-14 22:12 - 00086819 _____ () C:\Users\asus\Downloads\[kickass.to]brett.manning.s.singing.success.torrent 2014-07-13 22:20 - 2014-07-13 22:20 - 00002242 _____ () C:\Users\asus\Desktop\aswMBR.txt 2014-07-13 22:20 - 2014-07-13 22:20 - 00000512 _____ () C:\Users\asus\Desktop\MBR.dat 2014-07-13 21:27 - 2014-07-13 21:26 - 05185536 _____ (AVAST Software) C:\Users\asus\Downloads\aswmbr.exe 2014-07-13 11:33 - 2014-06-26 20:28 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-07-11 13:02 - 2014-07-11 13:01 - 00275608 _____ () C:\Users\asus\Downloads\photo (2).htm 2014-07-11 13:01 - 2014-07-11 13:01 - 00275742 _____ () C:\Users\asus\Downloads\photo (1).htm 2014-07-10 20:02 - 2014-06-27 13:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-07-10 19:24 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default 2014-07-10 19:23 - 2014-07-10 19:12 - 00000000 ____D () C:\Windows\erdnt 2014-07-10 19:14 - 2014-06-27 13:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-09 20:05 - 2014-07-04 12:15 - 00060112 _____ () C:\Users\asus\Downloads\FRST.txt 2014-07-09 15:48 - 2014-06-06 19:30 - 00000000 ____D () C:\Users\asus\Documents\Greenshot 2014-07-09 13:19 - 2014-07-09 13:19 - 02347384 _____ (ESET) C:\Users\asus\Downloads\esetsmartinstaller_enu.exe 2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-09 12:52 - 2014-07-09 12:37 - 00000000 ____D () C:\AdwCleaner 2014-07-09 12:36 - 2014-07-09 12:36 - 01348263 _____ () C:\Users\asus\Downloads\AdwCleaner.exe 2014-07-09 12:35 - 2014-07-09 12:35 - 00001756 _____ () C:\Users\asus\Desktop\JRT.txt 2014-07-09 12:23 - 2014-07-09 12:23 - 00000000 ____D () C:\Windows\ERUNT 2014-07-09 12:21 - 2014-07-09 12:20 - 01016261 _____ (Thisisu) C:\Users\asus\Downloads\JRT.exe 2014-07-07 06:46 - 2014-05-24 15:54 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-07-07 06:46 - 2014-05-24 15:54 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-07-07 06:18 - 2014-07-07 06:18 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-07-06 20:06 - 2014-05-20 03:43 - 00000000 ____D () C:\Users\asus\AppData\Roaming\vlc 2014-07-06 12:59 - 2014-05-17 15:58 - 00052843 _____ () C:\Windows\DirectX.log 2014-07-06 11:48 - 2014-05-17 15:08 - 00000000 ____D () C:\Users\asus\Documents\Bluetooth Folder 2014-07-06 01:05 - 2014-07-05 09:57 - 00000158 _____ () C:\Users\Guest\AppData\Roaming\default.rss 2014-07-05 23:16 - 2009-07-14 13:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-05 23:06 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\Documents\Youcam 2014-07-05 21:29 - 2014-07-05 21:29 - 00000000 ____D () C:\Users\Guest\Documents\My Games 2014-07-05 20:53 - 2014-07-05 09:55 - 00000000 ____D () C:\Users\Guest\Desktop\Martha 2014-07-05 20:47 - 2014-07-05 20:47 - 00000284 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts.sfl 2014-07-05 20:47 - 2014-07-05 20:33 - 375570432 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts 2014-07-05 20:01 - 2014-07-05 20:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NVIDIA 2014-07-05 19:59 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc 2014-07-05 19:57 - 2014-07-05 19:57 - 00000028 _____ () C:\Users\Guest\Desktop\SDE.avi.sfl 2014-07-05 19:41 - 2014-07-05 19:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\MPC-HC 2014-07-05 19:39 - 2014-07-05 19:39 - 00000036 _____ () C:\Users\Guest\Desktop\Martha SDE.avi.sfl 2014-07-05 17:31 - 2014-07-05 17:31 - 00000000 ____D () C:\Users\Guest\AppData\Local\proDAD_GmbH 2014-07-05 10:16 - 2014-07-05 10:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps 2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Nero 2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Nero 2014-07-04 22:28 - 2014-07-04 22:28 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Publish Providers 2014-07-04 22:28 - 2014-07-03 22:08 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Sony 2014-07-04 22:27 - 2014-07-04 22:27 - 00001062 _____ () C:\Users\Guest\Desktop\Vegas Pro 10.0 (64-bit).lnk 2014-07-04 22:27 - 2014-07-04 22:27 - 00000000 ____D () C:\Users\Guest\AppData\Local\Sony 2014-07-04 22:27 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\Documents\Bluetooth Folder 2014-07-04 21:59 - 2014-07-04 21:59 - 00000000 ____D () C:\Users\asus\Documents\fkl-setup 2014-07-04 21:58 - 2014-07-04 21:58 - 00275888 _____ () C:\Users\asus\Documents\fkl-setup.zip 2014-07-04 12:53 - 2014-07-04 12:53 - 00006730 _____ () C:\Users\asus\Desktop\RKreport_SCN_07042014_125245.log 2014-07-04 12:46 - 2014-07-04 12:46 - 05283416 _____ () C:\Users\asus\Downloads\RogueKillerX64.exe 2014-07-04 12:41 - 2014-07-04 12:41 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-04 12:41 - 2014-07-04 12:40 - 04721240 _____ () C:\Users\asus\Downloads\RogueKiller.exe 2014-07-04 12:17 - 2014-07-04 12:16 - 00031049 _____ () C:\Users\asus\Downloads\Addition.txt 2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla 2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla 2014-07-04 11:24 - 2014-06-03 18:39 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite 2014-07-04 11:16 - 2014-07-03 22:08 - 00000000 ____D () C:\Users\Guest\Desktop\x64 2014-07-03 22:44 - 2014-07-03 22:44 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Publish Providers 2014-07-03 22:44 - 2014-07-03 22:20 - 00002696 _____ () C:\Users\asus\Documents\Register Vegas Pro.htm 2014-07-03 22:44 - 2014-07-03 22:11 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Sony 2014-07-03 22:41 - 2014-07-03 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\ProgramData\Sony 2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-07-03 22:40 - 2014-07-03 22:29 - 00000000 ____D () C:\Program Files\Sony 2014-07-03 22:22 - 2014-07-03 22:09 - 00000000 ____D () C:\Users\asus\Documents\New folder (2) 2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Users\asus\AppData\Local\Sony 2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\Users\asus\AppData\Local\proDAD_GmbH 2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\ProgramData\proDAD 2014-07-03 22:10 - 2014-07-03 22:10 - 00001110 _____ () C:\Users\Public\Desktop\Mercalli 3.0.lnk 2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Users\asus\AppData\Roaming\proDAD 2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD 2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Program Files\proDAD 2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\Desktop\proDAD Mercalli 3.0.215.1 Standalone (Win32-64) Serial [ChingLiu] 2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WinRAR 2014-07-03 20:39 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\CyberLink 2014-07-03 20:39 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Greenshot 2014-07-03 20:38 - 2014-07-03 20:38 - 00117592 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-03 20:38 - 2014-07-03 20:38 - 00001443 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-03 20:38 - 2014-07-03 20:38 - 00001409 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Zbshareware Lab 2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\Greenshot 2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\BMExplorer 2014-07-03 20:38 - 2014-07-03 20:37 - 00000000 ____D () C:\Users\Guest 2014-07-03 20:38 - 2014-05-17 15:11 - 00000000 ____D () C:\ProgramData\Atheros 2014-07-03 20:37 - 2014-07-03 20:37 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-07-02 11:25 - 2014-07-02 11:25 - 00016500 _____ () C:\Users\asus\Downloads\[kickass.to]super.8.2011.720p.brrip.x264.mp4.multisubs.aac.cc.torrent 2014-06-30 21:06 - 2014-06-26 19:13 - 00000000 ____D () C:\Users\asus\jagexcache 2014-06-30 18:37 - 2014-05-22 09:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-06-30 11:43 - 2014-06-30 11:43 - 00013780 _____ () C:\Users\asus\Desktop\com.supercell.clashofclans.cfg - Shortcut.lnk 2014-06-30 07:57 - 2014-06-30 07:57 - 00000000 ____D () C:\Users\asus\AppData\Roaming\NVIDIA 2014-06-30 04:35 - 2014-06-06 19:28 - 00000000 ____D () C:\Users\asus\AppData\Local\Greenshot 2014-06-29 21:55 - 2014-06-29 21:51 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native_b.exe 2014-06-29 20:11 - 2014-06-26 20:39 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-06-28 13:00 - 2014-06-28 13:00 - 00056797 _____ () C:\Users\asus\Downloads\[kickass.to]the.haunting.in.connecticut.2.ghosts.of.georgia.2013.french.dvdrip.xvid.tmb.torrent 2014-06-27 20:47 - 2014-06-27 20:47 - 00003467 _____ () C:\Windows\SysWOW64\collectionCache.bnk 2014-06-27 13:21 - 2014-06-27 13:21 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-06-27 13:03 - 2014-06-27 13:00 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\asus\Downloads\spybot-2.3.exe 2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\system32\NV 2014-06-27 12:45 - 2014-05-17 15:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-27 12:45 - 2014-05-17 15:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-06-27 12:45 - 2014-05-17 15:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-06-27 07:50 - 2014-06-27 07:50 - 00000967 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-06-27 07:46 - 2014-06-27 07:43 - 29256752 _____ (TeamSpeak Systems GmbH) C:\Users\asus\Downloads\TeamSpeak3-Client-win64-3.0.15.exe 2014-06-26 20:44 - 2014-06-26 20:43 - 00002046 _____ () C:\Users\asus\Desktop\OSRS.lnk 2014-06-26 20:41 - 2014-06-26 20:41 - 00002076 _____ () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk 2014-06-26 20:41 - 2014-06-26 20:41 - 00002046 _____ () C:\Users\asus\Desktop\RuneScape.lnk 2014-06-26 20:41 - 2014-06-26 20:41 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape 2014-06-26 20:40 - 2014-06-26 20:39 - 23805952 _____ () C:\Users\asus\Downloads\RuneScape (1).msi 2014-06-26 20:37 - 2014-05-20 03:42 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Nero 2014-06-26 20:28 - 2014-06-26 20:24 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native.exe 2014-06-26 20:00 - 2009-07-14 13:08 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-26 19:16 - 2014-06-26 19:15 - 01653168 _____ () C:\Users\asus\Desktop\Orion.exe 2014-06-26 19:11 - 2014-06-26 19:06 - 00000000 ____D () C:\Users\asus\Orion 2014-06-23 19:35 - 2014-06-23 19:35 - 00002984 _____ () C:\Windows\System32\Tasks\ATKOSD2 2014-06-23 19:35 - 2014-06-23 19:35 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-06-23 19:30 - 2014-06-23 19:30 - 00001250 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk 2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-06-23 19:29 - 2014-06-23 19:28 - 01640984 _____ () C:\Users\asus\Downloads\SetupVirtualCloneDrive5470.exe 2014-06-23 16:54 - 2014-06-01 18:57 - 00000000 ____D () C:\Users\asus\.VirtualBox 2014-06-23 15:08 - 2014-06-23 15:08 - 00000290 _____ () C:\Users\asus\Documents\vpn kali.txt 2014-06-23 13:30 - 2014-06-23 13:30 - 10432166 _____ () C:\Users\asus\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.10-93012.vbox-extpack 2014-06-23 13:25 - 2014-06-23 13:25 - 00000000 ____D () C:\Users\asus\VirtualBox VMs 2014-06-22 11:05 - 2014-06-22 11:05 - 00025017 _____ () C:\Users\asus\Downloads\[kickass.to]farcry.3.black.box.silvertorrent.torrent 2014-06-21 04:46 - 2014-06-21 04:46 - 00020122 _____ () C:\Users\asus\Downloads\[kickass.to]game.of.thrones.the.complete.season.4.hdtv.torrent 2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\Documents\Square Enix 2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\AppData\Local\SKIDROW 2014-06-20 12:11 - 2014-06-19 13:52 - 00000000 ____D () C:\Users\asus\Desktop\POW 2014-06-20 11:11 - 2014-06-20 11:11 - 00002088 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Client Utility.lnk 2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK 2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\Program Files (x86)\TP-LINK 2014-06-20 11:11 - 2014-05-17 15:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-20 11:10 - 2014-06-20 11:09 - 06876733 _____ () C:\Users\asus\Documents\2009319153528.zip 2014-06-20 11:00 - 2014-06-20 11:00 - 00225888 _____ (NirSoft) C:\Users\asus\Desktop\c.exe 2014-06-20 11:00 - 2014-06-20 11:00 - 00090720 _____ (NirSoft) C:\Users\asus\Desktop\f.exe 2014-06-20 11:00 - 2014-06-20 11:00 - 00051200 _____ (NirSoft) C:\Users\asus\Desktop\i.exe 2014-06-20 11:00 - 2014-06-20 11:00 - 00000136 _____ () C:\Users\asus\Desktop\launch.bat 2014-06-19 14:11 - 2014-06-19 14:05 - 00000000 ____D () C:\Users\asus\Documents\USB files ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-15 20:39 ==================== End Of Log ============================
  12. freakstyle
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01 Ran by asus at 2014-07-16 17:51:11 Run:1 Running from C:\Users\asus\Documents Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D] => C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [uTorrent] => C:\Users\asus\AppData\Roaming\uTorrent\uTorrent.exe [1270864 2014-07-15] (BitTorrent Inc.) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableRegistryTools] 1 HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableTaskMgr] 1 HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [uTorrent] => C:\Users\asus\Downloads\uTorrent.exe [1270864 2014-05-19] (BitTorrent Inc.) HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Google Update] => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-19] (Google Inc.) BootExecute: autocheck autochk * sdnclean64.exe HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) C:\Users\asus\jagex_cl_oldschool_LIVE.dat C:\Users\asus\jagex_cl_runescape_LIVE.dat C:\Users\asus\jagex_cl_runescape_LIVE1.dat C:\Users\asus\random.dat Task: {5530E6E8-723E-48C9-97B5-3C84C8011104} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.) Task: {CFC23C2A-C73C-4FF3-BA9E-A8DE7CDE4BF8} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION Task: {D7FBD7B3-77C7-44AC-AF65-D6F96A2D3F16} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION Task: {EA7A300C-6A66-4E70-9F43-DE27BAAE66FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core.job => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA.job => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found. HKU\S-1-5-21-1210325367-195732664-3179361299-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1002\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found. 'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found. 'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found. 'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2'=> Key not found. C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found. 'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2'=> Key not found. C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found. C:\Users\asus\jagex_cl_oldschool_LIVE.dat => Moved successfully. C:\Users\asus\jagex_cl_runescape_LIVE.dat => Moved successfully. C:\Users\asus\jagex_cl_runescape_LIVE1.dat => Moved successfully. C:\Users\asus\random.dat => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5530E6E8-723E-48C9-97B5-3C84C8011104}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5530E6E8-723E-48C9-97B5-3C84C8011104}' => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFC23C2A-C73C-4FF3-BA9E-A8DE7CDE4BF8}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFC23C2A-C73C-4FF3-BA9E-A8DE7CDE4BF8}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7FBD7B3-77C7-44AC-AF65-D6F96A2D3F16}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7FBD7B3-77C7-44AC-AF65-D6F96A2D3F16}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA7A300C-6A66-4E70-9F43-DE27BAAE66FA}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA7A300C-6A66-4E70-9F43-DE27BAAE66FA}' => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core' => Key deleted successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA.job => Moved successfully. ==== End of Fixlog ====
  13. freakstyle
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01 Ran by asus at 2014-07-16 17:51:11 Run:1 Running from C:\Users\asus\Documents Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D] => C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [uTorrent] => C:\Users\asus\AppData\Roaming\uTorrent\uTorrent.exe [1270864 2014-07-15] (BitTorrent Inc.) HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableRegistryTools] 1 HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableTaskMgr] 1 HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [uTorrent] => C:\Users\asus\Downloads\uTorrent.exe [1270864 2014-05-19] (BitTorrent Inc.) HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Google Update] => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-19] (Google Inc.) BootExecute: autocheck autochk * sdnclean64.exe HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) C:\Users\asus\jagex_cl_oldschool_LIVE.dat C:\Users\asus\jagex_cl_runescape_LIVE.dat C:\Users\asus\jagex_cl_runescape_LIVE1.dat C:\Users\asus\random.dat Task: {5530E6E8-723E-48C9-97B5-3C84C8011104} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.) Task: {CFC23C2A-C73C-4FF3-BA9E-A8DE7CDE4BF8} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION Task: {D7FBD7B3-77C7-44AC-AF65-D6F96A2D3F16} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION Task: {EA7A300C-6A66-4E70-9F43-DE27BAAE66FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core.job => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA.job => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found. HKU\S-1-5-21-1210325367-195732664-3179361299-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1002\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully. HKU\S-1-5-21-1210325367-195732664-3179361299-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found. 'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found. 'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found. 'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2'=> Key not found. C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found. 'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2'=> Key not found. C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found. C:\Users\asus\jagex_cl_oldschool_LIVE.dat => Moved successfully. C:\Users\asus\jagex_cl_runescape_LIVE.dat => Moved successfully. C:\Users\asus\jagex_cl_runescape_LIVE1.dat => Moved successfully. C:\Users\asus\random.dat => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5530E6E8-723E-48C9-97B5-3C84C8011104}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5530E6E8-723E-48C9-97B5-3C84C8011104}' => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFC23C2A-C73C-4FF3-BA9E-A8DE7CDE4BF8}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFC23C2A-C73C-4FF3-BA9E-A8DE7CDE4BF8}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7FBD7B3-77C7-44AC-AF65-D6F96A2D3F16}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7FBD7B3-77C7-44AC-AF65-D6F96A2D3F16}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA7A300C-6A66-4E70-9F43-DE27BAAE66FA}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA7A300C-6A66-4E70-9F43-DE27BAAE66FA}' => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core' => Key deleted successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA.job => Moved successfully. ==== End of Fixlog ====
  14. freakstyle
    JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Jul 16 17:41:39 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting.
  15. freakstyle
    AutoRuns.zip AutoRuns.zip
  16. freakstyle
    Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01Ran by asus at 2014-07-16 12:41:47Running from C:\Users\asus\DocumentsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31227 - BitTorrent Inc.)Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) HiddenAdobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) HiddenAdobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) HiddenAdobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAdobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) HiddenAdobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) HiddenAdobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) HiddenAdobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) HiddenAdobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) HiddenAdobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) HiddenAdobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) HiddenAdobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdvertising Center (x32 Version: 0.0.0.1 - Nero AG) HiddenAsmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version: - Cisco Systems, Inc.)CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - EN (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1 - Corel Corporation) HiddenCorelDRAW Graphics Suite X5 (x32 Version: 15.2 - Corel Corporation) HiddenCorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.661 - Corel Corporation)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)CyberLink YouCam 5 (x32 Version: 5.0.0909 - CyberLink Corp.) HiddenDolbyFiles (x32 Version: 0.1 - Nero AG) HiddenDota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) HiddenGreenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)ImagXpress (x32 Version: 7.0.74.0 - Nero AG) HiddenIntel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenK-Lite Mega Codec Pack 10.4.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.5 - )Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) HiddenMicrosoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)Movie Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) HiddenMozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) HiddenNero 9 Essentials (HKLM-x32\...\{1d54a3c6-3b28-4cbc-bec7-cd67fe438563}) (Version: - Nero AG)Nero BurnRights (x32 Version: 3.4.11.100 - Nero AG) HiddenNero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) HiddenNero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) HiddenNero CoverDesigner (x32 Version: 4.4.9.100 - Nero AG) HiddenNero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) HiddenNero DiscSpeed (x32 Version: 5.4.11.100 - Nero AG) HiddenNero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) HiddenNero DriveSpeed (x32 Version: 4.4.11.100 - Nero AG) HiddenNero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) HiddenNero Express Help (x32 Version: 9.6.2.101 - Nero AG) HiddenNero InfoTool (x32 Version: 6.4.11.100 - Nero AG) HiddenNero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) HiddenNero Installer (x32 Version: 4.4.9.0 - Nero AG) HiddenNero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) HiddenNero ShowTime (x32 Version: 5.4.0.100 - Nero AG) HiddenNero ShowTime (x32 Version: 5.4.13.100 - Nero AG) HiddenNero StartSmart (x32 Version: 9.4.12.100 - Nero AG) HiddenNero StartSmart Help (x32 Version: 9.4.12.100 - Nero AG) HiddenNero Vision (x32 Version: 6.4.12.100 - Nero AG) HiddenNero Vision Help (x32 Version: 6.4.8.100 - Nero AG) HiddenNeroExpress (x32 Version: 9.4.17.100 - Nero AG) Hiddenneroxml (x32 Version: 1.0.0 - Nero AG) HiddenNotepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) HiddenNVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) HiddenNVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) HiddenOracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenproDAD Mercalli 3.0 (64bit) (HKLM\...\proDAD-Mercalli-3.0) (Version: 3.0.215.1 - proDAD GmbH)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd)RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044.14 - Samsung Electronics Co., Ltd.)Samsung Kies (x32 Version: 2.6.3.14044.14 - Samsung Electronics Co., Ltd.) HiddenSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)Spotify (HKCU\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated)System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)TP-LINK Wireless Client Utility (HKLM-x32\...\{C1EB6825-9339-4B18-99B0-C455B2288FF9}) (Version: 1.00.4323 - TP-LINK TECHNOLOGIES CO., LTD.)USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab)Vegas Pro 10.0 (64-bit) (HKLM\...\{C616FD4F-11F5-11E0-A38F-0013D3D69929}) (Version: 10.0.470 - Sony)VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)Visual Basic for Applications ® Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) HiddenVisual Basic for Applications ® Core (x32 Version: 6.4.99.69 - Microsoft Corporation) HiddenVLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)WinRAR 5.10 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)YTD Video Downloader 4.4 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.4 - GreenTree Applications SRL) ==================== Restore Points ========================= 06-07-2014 04:57:32 Installed DirectX09-07-2014 23:57:38 Windows Update13-07-2014 03:27:35 Removed BlueStacks Notification Center13-07-2014 03:27:54 Removed BlueStacks Notification Center13-07-2014 09:06:20 Windows Update15-07-2014 09:26:26 Removed BlueStacks Notification Center15-07-2014 09:45:51 Installed BlueStacks App Player15-07-2014 10:17:23 Removed BlueStacks App Player ==================== Hosts content: ========================== 2009-07-14 10:34 - 2014-07-10 19:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {5530E6E8-723E-48C9-97B5-3C84C8011104} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.)Task: {CFC23C2A-C73C-4FF3-BA9E-A8DE7CDE4BF8} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTIONTask: {D7FBD7B3-77C7-44AC-AF65-D6F96A2D3F16} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTIONTask: {DE58F856-F4A7-4F4A-9625-A9BBB0CC21D0} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)Task: {EA7A300C-6A66-4E70-9F43-DE27BAAE66FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.)Task: {EEB2D0C5-1880-469D-B779-A670B1146D6C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-18] (Piriform Ltd)Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core.job => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA.job => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-17 15:40 - 2013-11-11 23:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-05-12 17:49 - 2014-05-12 17:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll2014-05-17 14:16 - 2011-03-04 17:40 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll2014-05-17 14:13 - 2011-10-22 00:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-05-20 18:22 - 2014-06-27 22:47 - 00598072 _____ () C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-05-20 18:22 - 2014-06-27 22:47 - 36966968 _____ () C:\Users\asus\AppData\Roaming\Spotify\Data\libcef.dll2014-06-13 11:22 - 2014-06-05 21:58 - 00716616 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll2014-06-13 11:22 - 2014-06-05 21:58 - 00126280 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll2014-06-13 11:22 - 2014-06-05 21:58 - 04217672 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll2014-06-13 11:22 - 2014-06-05 21:58 - 00414536 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll2014-06-13 11:22 - 2014-06-05 21:58 - 01732424 _____ () C:\Users\asus\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll2014-05-17 15:46 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll2014-06-20 11:11 - 2009-01-05 14:54 - 00212992 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\dot1x_dll.dll2014-06-20 11:11 - 2009-01-05 14:54 - 00045056 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWLAN.dll2014-05-20 18:22 - 2014-06-27 22:47 - 00886840 _____ () C:\Users\asus\AppData\Roaming\Spotify\Data\libglesv2.dll2014-05-20 18:22 - 2014-06-27 22:46 - 00108600 _____ () C:\Users\asus\AppData\Roaming\Spotify\Data\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:==================Error: (07/16/2014 00:40:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist. . Error: (07/16/2014 00:40:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). Error: (07/16/2014 00:39:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist. . Error: (07/16/2014 00:39:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). Error: (07/16/2014 00:36:46 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2014 00:36:05 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program pkllagent.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1364 Start Time: 01cfa0af68dcfbb2 Termination Time: 1 Application Path: C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe Report Id: b11ddf24-0ca2-11e4-8d29-742f68a05421 Error: (07/16/2014 00:35:29 PM) (Source: Winlogon) (EventID: 4103) (User: )Description: Windows license activation failed. Error 0x80070005. Error: (07/16/2014 10:25:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: This network connection does not exist. . Error: (07/16/2014 10:25:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt> with error: 12029 (0x2efd). Error: (07/16/2014 09:45:12 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (07/16/2014 09:43:28 AM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 11:38:32 PM on ‎7/‎15/‎2014 was unexpected. Error: (07/15/2014 09:49:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/15/2014 09:47:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/15/2014 09:25:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/15/2014 09:23:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/15/2014 08:19:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/15/2014 08:16:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/15/2014 06:18:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The BlueStacks Updater Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/15/2014 05:30:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The BlueStacks Updater Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/15/2014 04:21:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Steam Client Service service failed to start due to the following error: %%1053 Microsoft Office Sessions:=========================Error: (07/16/2014 00:40:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist. Error: (07/16/2014 00:40:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) Error: (07/16/2014 00:39:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist. Error: (07/16/2014 00:39:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) Error: (07/16/2014 00:36:46 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2014 00:36:05 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: pkllagent.exe1.0.0.0136401cfa0af68dcfbb21C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exeb11ddf24-0ca2-11e4-8d29-742f68a05421 Error: (07/16/2014 00:35:29 PM) (Source: Winlogon) (EventID: 4103) (User: )Description: 0x800700050x00000000 Error: (07/16/2014 10:25:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist. Error: (07/16/2014 10:25:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12029 (0x2efd) Error: (07/16/2014 09:45:12 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors:=================================== Date: 2014-07-10 19:20:57.012 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-10 19:20:56.996 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 49%Total physical RAM: 6054.63 MBAvailable physical RAM: 3081.34 MBTotal Pagefile: 12107.46 MBAvailable Pagefile: 8713.14 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:49.7 GB) NTFSDrive d: () (Fixed) (Total:270.45 GB) (Free:182.01 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F5BE972F)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  17. freakstyle
    FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01Ran by asus (administrator) on ASUS-PC on 16-07-2014 12:41:23Running from C:\Users\asus\DocumentsPlatform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 8Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Greenshot) C:\Program Files\Greenshot\Greenshot.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe(Spotify Ltd) C:\Users\asus\AppData\Roaming\Spotify\spotify.exe(Spotify Ltd) C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(TP-LINK TECHNOLOGIES CO., LTD.) C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.exe(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe() C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe() C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe() C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe() C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe() C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyHelper.exe(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-04] (Synaptics Incorporated)HKLM\...\Run: [synAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-04] (Synaptics Incorporated)HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [uSB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [687336 2013-06-20] (Zbshareware Lab)HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)HKLM-x32\...\Run: [ZDWlan.EXE] => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE [491520 2009-01-14] (TP-LINK TECHNOLOGIES CO., LTD.)HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [spotify] => C:\Users\asus\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-27] (Spotify Ltd)HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [spotify Web Helper] => C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-27] (Spotify Ltd)HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D] => C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [Phrozen Mon_KP] => C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe [3282952 2013-09-14] (PhrozenSoft)HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [uTorrent] => C:\Users\asus\AppData\Roaming\uTorrent\uTorrent.exe [1270864 2014-07-15] (BitTorrent Inc.)HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableRegistryTools] 1HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableTaskMgr] 1HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [uTorrent] => C:\Users\asus\Downloads\uTorrent.exe [1270864 2014-05-19] (BitTorrent Inc.)HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Google Update] => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-19] (Google Inc.)HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [spotify] => C:\Users\asus\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-27] (Spotify Ltd)HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [spotify Web Helper] => C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-27] (Spotify Ltd)HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Phrozen Keylogger Lite] => [X]AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.comStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM-x32 - DefaultScope value is missing.BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No FileHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No FileHandler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{286E8104-AF52-4A20-B140-126F536CB219}: [NameServer]8.8.8.8,8.8.4.4 FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR HomePage: hxxp://google.com/CHR StartupUrls: "hxxp://www.linkzb.com"CHR Extension: (Google Docs) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17]CHR Extension: (Google Drive) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-17]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]CHR Extension: (YouTube) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-17]CHR Extension: (Google Search) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]CHR Extension: (Rescroller) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod [2014-05-20]CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-05-20]CHR Extension: (AdBlock) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-20]CHR Extension: (Google Keep - notes and lists) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-05-20]CHR Extension: (Web Navigation) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja [2014-05-19]CHR Extension: (Twitch Now) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2014-05-20]CHR Extension: (Google Wallet) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19]CHR Extension: (Gmail) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-17]CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-05-17] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-06-11] (Macrovision Europe Ltd.) [File not signed]S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-05-17] () [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-06] (Atheros Communications, Inc.)S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43104 2013-10-10] (IVT Corporation.)R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-07] (AnchorFree Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-16] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-07] (Anchorfree Inc.)S3 ZD1211BU(TP-LINK); C:\Windows\System32\DRIVERS\zd1211Bu.sys [602880 2009-01-05] (Atheros Technology Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-16 12:38 - 2014-07-16 12:41 - 00019051 _____ () C:\Users\asus\Documents\FRST.txt2014-07-16 12:35 - 2014-07-16 12:35 - 00000000 ___RD () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2014-07-16 12:35 - 2014-07-16 12:35 - 00000000 ____H () C:\ProgramData\cm-lock2014-07-15 21:51 - 2014-07-15 21:51 - 00019744 _____ () C:\ComboFix.txt2014-07-15 21:34 - 2014-07-15 21:34 - 00020271 _____ () C:\Users\asus\Desktop\combofixhahaha.txt2014-07-15 17:33 - 2014-07-15 17:33 - 00013701 _____ () C:\Users\asus\Downloads\[kickass.to]bluestacks.app.player.0.8.7.3066.android.4.0.4.mod.torrent2014-07-15 13:01 - 2014-07-15 13:01 - 00064657 _____ () C:\Users\asus\Downloads\[kickass.to]the.woman.2011.bluray.720p.800mb.ganool.torrent2014-07-15 12:58 - 2014-07-15 12:58 - 00014807 _____ () C:\Users\asus\Downloads\[kickass.to]the.silent.house.2010.dvd.rip.xvid.stb.torrent2014-07-15 12:41 - 2014-07-15 12:41 - 00153206 _____ () C:\Users\asus\Downloads\[kickass.to]the.innkeepers.2011.ita.eng.bluray.720p.x264.trl.torrent2014-07-15 12:31 - 2014-07-15 12:31 - 00057106 _____ () C:\Users\asus\Downloads\[kickass.to]the.orphanage.el.orfanato.2007.dvdrip.eng.hard.subs.axxo.torrent2014-07-15 12:08 - 2014-07-15 12:08 - 00097618 _____ () C:\Users\asus\Downloads\[kickass.to]harry.potter.series.1.7.1080p.bluray.qebs.aac.ps3.mp4.fasm.torrent2014-07-15 12:07 - 2014-07-15 12:07 - 00000812 _____ () C:\Users\asus\Desktop\µTorrent.lnk2014-07-15 12:07 - 2014-07-15 12:07 - 00000792 _____ () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk2014-07-14 22:12 - 2014-07-14 22:12 - 00086819 _____ () C:\Users\asus\Downloads\[kickass.to]brett.manning.s.singing.success.torrent2014-07-13 22:20 - 2014-07-13 22:20 - 00002242 _____ () C:\Users\asus\Desktop\aswMBR.txt2014-07-13 22:20 - 2014-07-13 22:20 - 00000512 _____ () C:\Users\asus\Desktop\MBR.dat2014-07-13 21:26 - 2014-07-13 21:27 - 05185536 _____ (AVAST Software) C:\Users\asus\Downloads\aswmbr.exe2014-07-11 13:01 - 2014-07-11 13:02 - 00275608 _____ () C:\Users\asus\Downloads\photo (2).htm2014-07-11 13:01 - 2014-07-11 13:01 - 00275742 _____ () C:\Users\asus\Downloads\photo (1).htm2014-07-10 19:13 - 2014-07-15 21:51 - 00000000 ____D () C:\Qoobox2014-07-10 19:13 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe2014-07-10 19:13 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe2014-07-10 19:13 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-07-10 19:13 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-07-10 19:13 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-07-10 19:13 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe2014-07-10 19:13 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe2014-07-10 19:13 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe2014-07-10 19:12 - 2014-07-10 19:23 - 00000000 ____D () C:\Windows\erdnt2014-07-10 18:08 - 2014-07-15 20:11 - 05220800 ____R (Swearware) C:\Users\asus\Desktop\ComboFix.exe2014-07-09 19:45 - 2014-07-16 12:37 - 00000000 ____D () C:\Users\asus\Downloads\FRST-OlderVersion2014-07-09 13:19 - 2014-07-09 13:19 - 02347384 _____ (ESET) C:\Users\asus\Downloads\esetsmartinstaller_enu.exe2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-09 12:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-07-09 12:37 - 2014-07-09 12:52 - 00000000 ____D () C:\AdwCleaner2014-07-09 12:36 - 2014-07-09 12:36 - 01348263 _____ () C:\Users\asus\Downloads\AdwCleaner.exe2014-07-09 12:35 - 2014-07-15 20:40 - 00000000 ____D () C:\Users\asus\Desktop\scans2014-07-09 12:35 - 2014-07-09 12:35 - 00001756 _____ () C:\Users\asus\Desktop\JRT.txt2014-07-09 12:23 - 2014-07-09 12:23 - 00000000 ____D () C:\Windows\ERUNT2014-07-09 12:20 - 2014-07-09 12:21 - 01016261 _____ (Thisisu) C:\Users\asus\Downloads\JRT.exe2014-07-07 06:18 - 2014-07-07 06:18 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2014-07-05 21:29 - 2014-07-05 21:29 - 00000000 ____D () C:\Users\Guest\Documents\My Games2014-07-05 20:47 - 2014-07-05 20:47 - 00000284 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts.sfl2014-07-05 20:33 - 2014-07-05 20:47 - 375570432 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts2014-07-05 20:01 - 2014-07-05 20:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NVIDIA2014-07-05 19:57 - 2014-07-05 19:57 - 00000028 _____ () C:\Users\Guest\Desktop\SDE.avi.sfl2014-07-05 19:41 - 2014-07-05 19:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\MPC-HC2014-07-05 19:39 - 2014-07-05 19:39 - 00000036 _____ () C:\Users\Guest\Desktop\Martha SDE.avi.sfl2014-07-05 17:31 - 2014-07-05 17:31 - 00000000 ____D () C:\Users\Guest\AppData\Local\proDAD_GmbH2014-07-05 10:16 - 2014-07-05 10:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps2014-07-05 09:57 - 2014-07-06 01:05 - 00000158 _____ () C:\Users\Guest\AppData\Roaming\default.rss2014-07-05 09:56 - 2014-07-05 19:59 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Nero2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Nero2014-07-05 09:55 - 2014-07-05 20:53 - 00000000 ____D () C:\Users\Guest\Desktop\Martha2014-07-04 22:28 - 2014-07-04 22:28 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Publish Providers2014-07-04 22:27 - 2014-07-04 22:27 - 00001062 _____ () C:\Users\Guest\Desktop\Vegas Pro 10.0 (64-bit).lnk2014-07-04 22:27 - 2014-07-04 22:27 - 00000000 ____D () C:\Users\Guest\AppData\Local\Sony2014-07-04 21:59 - 2014-07-04 21:59 - 00000000 ____D () C:\Users\asus\Documents\fkl-setup2014-07-04 21:58 - 2014-07-04 21:58 - 00275888 _____ () C:\Users\asus\Documents\fkl-setup.zip2014-07-04 12:53 - 2014-07-04 12:53 - 00006730 _____ () C:\Users\asus\Desktop\RKreport_SCN_07042014_125245.log2014-07-04 12:46 - 2014-07-04 12:46 - 05283416 _____ () C:\Users\asus\Downloads\RogueKillerX64.exe2014-07-04 12:41 - 2014-07-04 12:41 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-04 12:40 - 2014-07-04 12:41 - 04721240 _____ () C:\Users\asus\Downloads\RogueKiller.exe2014-07-04 12:16 - 2014-07-04 12:17 - 00031049 _____ () C:\Users\asus\Downloads\Addition.txt2014-07-04 12:15 - 2014-07-09 20:05 - 00060112 _____ () C:\Users\asus\Downloads\FRST.txt2014-07-04 12:12 - 2014-07-16 12:41 - 00000000 ____D () C:\FRST2014-07-04 12:09 - 2014-07-16 12:37 - 02086912 _____ (Farbar) C:\Users\asus\Documents\FRST64.exe2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla2014-07-03 22:44 - 2014-07-03 22:44 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Publish Providers2014-07-03 22:41 - 2014-07-03 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\ProgramData\Sony2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\Program Files (x86)\Sony2014-07-03 22:29 - 2014-07-03 22:40 - 00000000 ____D () C:\Program Files\Sony2014-07-03 22:20 - 2014-07-03 22:44 - 00002696 _____ () C:\Users\asus\Documents\Register Vegas Pro.htm2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Users\asus\AppData\Local\Sony2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\Users\asus\AppData\Local\proDAD_GmbH2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\ProgramData\proDAD2014-07-03 22:11 - 2014-07-03 22:44 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Sony2014-07-03 22:10 - 2014-07-03 22:10 - 00001110 _____ () C:\Users\Public\Desktop\Mercalli 3.0.lnk2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Users\asus\AppData\Roaming\proDAD2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Program Files\proDAD2014-07-03 22:09 - 2014-07-03 22:22 - 00000000 ____D () C:\Users\asus\Documents\New folder (2)2014-07-03 22:08 - 2014-07-04 22:28 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Sony2014-07-03 22:08 - 2014-07-04 11:16 - 00000000 ____D () C:\Users\Guest\Desktop\x642014-07-03 22:08 - 2011-01-27 02:57 - 00002844 _____ () C:\Users\Guest\Desktop\INSTRUCTIONS.txt2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\Desktop\proDAD Mercalli 3.0.215.1 Standalone (Win32-64) Serial [ChingLiu]2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WinRAR2014-07-03 22:07 - 2014-07-03 21:08 - 396390718 ____R () C:\Users\Guest\Desktop\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ].rar2014-07-03 22:07 - 2011-01-27 03:01 - 00000000 ____D () C:\Users\Guest\Desktop\x322014-07-03 20:39 - 2014-07-05 23:06 - 00000000 ____D () C:\Users\Guest\Documents\Youcam2014-07-03 20:39 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\CyberLink2014-07-03 20:38 - 2014-07-04 22:27 - 00000000 ____D () C:\Users\Guest\Documents\Bluetooth Folder2014-07-03 20:38 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Greenshot2014-07-03 20:38 - 2014-07-03 20:38 - 00117592 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-03 20:38 - 2014-07-03 20:38 - 00001443 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-07-03 20:38 - 2014-07-03 20:38 - 00001409 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Zbshareware Lab2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\Greenshot2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\BMExplorer2014-07-03 20:37 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest2014-07-03 20:37 - 2014-07-03 20:37 - 00000020 ___SH () C:\Users\Guest\ntuser.ini2014-07-03 20:37 - 2009-07-14 12:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-03 20:37 - 2009-07-14 12:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-02 11:25 - 2014-07-02 11:25 - 00016500 _____ () C:\Users\asus\Downloads\[kickass.to]super.8.2011.720p.brrip.x264.mp4.multisubs.aac.cc.torrent2014-06-30 11:43 - 2014-06-30 11:43 - 00013780 _____ () C:\Users\asus\Desktop\com.supercell.clashofclans.cfg - Shortcut.lnk2014-06-30 07:57 - 2014-06-30 07:57 - 00000000 ____D () C:\Users\asus\AppData\Roaming\NVIDIA2014-06-29 21:51 - 2014-06-29 21:55 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native_b.exe2014-06-28 13:00 - 2014-06-28 13:00 - 00056797 _____ () C:\Users\asus\Downloads\[kickass.to]the.haunting.in.connecticut.2.ghosts.of.georgia.2013.french.dvdrip.xvid.tmb.torrent2014-06-27 20:47 - 2014-06-27 20:47 - 00003467 _____ () C:\Windows\SysWOW64\collectionCache.bnk2014-06-27 13:21 - 2014-07-10 20:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-06-27 13:21 - 2014-07-10 19:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-06-27 13:21 - 2014-06-27 13:21 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-06-27 13:00 - 2014-06-27 13:03 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\asus\Downloads\spybot-2.3.exe2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\SysWOW64\NV2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\system32\NV2014-06-27 07:50 - 2014-06-27 07:50 - 00000967 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client2014-06-27 07:43 - 2014-06-27 07:46 - 29256752 _____ (TeamSpeak Systems GmbH) C:\Users\asus\Downloads\TeamSpeak3-Client-win64-3.0.15.exe2014-06-26 20:43 - 2014-06-26 20:44 - 00002046 _____ () C:\Users\asus\Desktop\OSRS.lnk2014-06-26 20:41 - 2014-06-26 20:41 - 00002076 _____ () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk2014-06-26 20:41 - 2014-06-26 20:41 - 00002046 _____ () C:\Users\asus\Desktop\RuneScape.lnk2014-06-26 20:41 - 2014-06-26 20:41 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape2014-06-26 20:39 - 2014-06-29 20:11 - 00000000 ____D () C:\Windows\system32\appmgmt2014-06-26 20:39 - 2014-06-26 20:40 - 23805952 _____ () C:\Users\asus\Downloads\RuneScape (1).msi2014-06-26 20:28 - 2014-07-13 11:33 - 00000000 ____D () C:\ProgramData\BlueStacksSetup2014-06-26 20:24 - 2014-06-26 20:28 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native.exe2014-06-26 19:15 - 2014-06-26 19:16 - 01653168 _____ () C:\Users\asus\Desktop\Orion.exe2014-06-26 19:13 - 2014-06-30 21:06 - 00000000 ____D () C:\Users\asus\jagexcache2014-06-26 19:06 - 2014-06-26 19:11 - 00000000 ____D () C:\Users\asus\Orion2014-06-23 19:35 - 2014-06-23 19:35 - 00002984 _____ () C:\Windows\System32\Tasks\ATKOSD22014-06-23 19:35 - 2014-06-23 19:35 - 00000000 ____D () C:\Program Files (x86)\ASUS2014-06-23 19:30 - 2014-06-23 19:30 - 00001250 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes2014-06-23 19:28 - 2014-06-23 19:29 - 01640984 _____ () C:\Users\asus\Downloads\SetupVirtualCloneDrive5470.exe2014-06-23 15:08 - 2014-06-23 15:08 - 00000290 _____ () C:\Users\asus\Documents\vpn kali.txt2014-06-23 13:30 - 2014-06-23 13:30 - 10432166 _____ () C:\Users\asus\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.10-93012.vbox-extpack2014-06-23 13:25 - 2014-06-23 13:25 - 00000000 ____D () C:\Users\asus\VirtualBox VMs2014-06-22 11:05 - 2014-06-22 11:05 - 00025017 _____ () C:\Users\asus\Downloads\[kickass.to]farcry.3.black.box.silvertorrent.torrent2014-06-21 04:46 - 2014-06-21 04:46 - 00020122 _____ () C:\Users\asus\Downloads\[kickass.to]game.of.thrones.the.complete.season.4.hdtv.torrent2014-06-20 20:13 - 2014-06-20 20:13 - 00004292 _____ () C:\STF711D.tmp2014-06-20 20:00 - 2014-06-20 20:00 - 00004292 _____ () C:\STF9465.tmp2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\Documents\Square Enix2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\AppData\Local\SKIDROW2014-06-20 11:11 - 2014-06-20 11:11 - 00002088 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Client Utility.lnk2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\Program Files (x86)\TP-LINK2014-06-20 11:11 - 2009-01-05 14:54 - 00602880 _____ (Atheros Technology Corporation) C:\Windows\system32\Drivers\ZD1211BU.sys2014-06-20 11:11 - 2009-01-05 14:54 - 00499712 _____ (Atheros Technology Corporation) C:\Windows\SysWOW64\ZD11BUME.SYS2014-06-20 11:11 - 2009-01-05 14:54 - 00499712 _____ (Atheros Technology Corporation) C:\Windows\SysWOW64\ZD11BU98.SYS2014-06-20 11:11 - 2009-01-05 14:54 - 00081920 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\ZDPN50.DLL2014-06-20 11:11 - 2009-01-05 14:54 - 00031744 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\ZDPSp50a64.sys2014-06-20 11:11 - 2009-01-05 14:54 - 00031744 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\ZDPSp50a64.sys2014-06-20 11:11 - 2009-01-05 14:54 - 00029184 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\BRGSp50a64.sys2014-06-20 11:11 - 2009-01-05 14:54 - 00029184 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\BRGSp50a64.sys2014-06-20 11:11 - 2009-01-05 14:54 - 00028672 _____ () C:\Windows\SysWOW64\InsDrvZD.dll2014-06-20 11:11 - 2009-01-05 14:54 - 00024576 _____ () C:\Windows\SysWOW64\ZyDelReg.exe2014-06-20 11:11 - 2009-01-05 14:54 - 00020608 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\BRGSp50.sys2014-06-20 11:11 - 2009-01-05 14:54 - 00019524 _____ () C:\Windows\SysWOW64\BRGSp31.VXD2014-06-20 11:11 - 2009-01-05 14:54 - 00017664 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\ZDPSp50.sys2014-06-20 11:11 - 2009-01-05 14:54 - 00017151 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\ZDPNDIS5.SYS2014-06-20 11:11 - 2009-01-05 14:54 - 00015941 _____ () C:\Windows\SysWOW64\ZDPNDIS3.VXD2014-06-20 11:11 - 2009-01-05 14:54 - 00015872 _____ () C:\Windows\SysWOW64\InsDrvZD64.DLL2014-06-20 11:11 - 2009-01-05 14:54 - 00015872 _____ () C:\Windows\system32\InsDrvZD64.dll2014-06-20 11:11 - 2009-01-05 14:54 - 00015428 _____ () C:\Windows\SysWOW64\ZDPSp31.VXD2014-06-20 11:11 - 2007-06-25 20:29 - 00499712 _____ (Atheros Technology Corporation) C:\Windows\SysWOW64\ZD11BU.SYS2014-06-20 11:10 - 2009-03-18 15:34 - 00000000 ____D () C:\Users\asus\Documents\Win98_ME_2K_XP_X642014-06-20 11:10 - 2009-03-18 15:34 - 00000000 ____D () C:\Users\asus\Documents\Vista2014-06-20 11:09 - 2014-06-20 11:10 - 06876733 _____ () C:\Users\asus\Documents\2009319153528.zip2014-06-20 11:00 - 2014-06-20 11:00 - 00225888 _____ (NirSoft) C:\Users\asus\Desktop\c.exe2014-06-20 11:00 - 2014-06-20 11:00 - 00090720 _____ (NirSoft) C:\Users\asus\Desktop\f.exe2014-06-20 11:00 - 2014-06-20 11:00 - 00051200 _____ (NirSoft) C:\Users\asus\Desktop\i.exe2014-06-20 11:00 - 2014-06-20 11:00 - 00000136 _____ () C:\Users\asus\Desktop\launch.bat2014-06-19 14:05 - 2014-06-19 14:11 - 00000000 ____D () C:\Users\asus\Documents\USB files2014-06-19 13:52 - 2014-06-20 12:11 - 00000000 ____D () C:\Users\asus\Desktop\POW ==================== One Month Modified Files and Folders ======= 2014-07-16 12:41 - 2014-07-16 12:38 - 00019051 _____ () C:\Users\asus\Documents\FRST.txt2014-07-16 12:41 - 2014-07-04 12:12 - 00000000 ____D () C:\FRST2014-07-16 12:40 - 2014-05-20 09:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-16 12:38 - 2014-05-18 04:37 - 01742617 _____ () C:\Windows\WindowsUpdate.log2014-07-16 12:37 - 2014-07-09 19:45 - 00000000 ____D () C:\Users\asus\Downloads\FRST-OlderVersion2014-07-16 12:37 - 2014-07-04 12:09 - 02086912 _____ (Farbar) C:\Users\asus\Documents\FRST64.exe2014-07-16 12:37 - 2014-05-20 18:16 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Spotify2014-07-16 12:36 - 2014-06-01 16:32 - 00000000 ____D () C:\Users\asus\Documents\Youcam2014-07-16 12:36 - 2014-05-19 18:45 - 00000000 ____D () C:\Users\asus\AppData\Roaming\uTorrent2014-07-16 12:35 - 2014-07-16 12:35 - 00000000 ___RD () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2014-07-16 12:35 - 2014-07-16 12:35 - 00000000 ____H () C:\ProgramData\cm-lock2014-07-16 12:35 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-16 12:35 - 2009-07-14 12:51 - 00064207 _____ () C:\Windows\setupact.log2014-07-16 12:05 - 2014-06-03 17:43 - 00000000 ____D () C:\Program Files (x86)\Steam2014-07-16 11:22 - 2014-05-19 20:47 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA.job2014-07-16 09:58 - 2014-05-20 18:13 - 00000043 _____ () C:\Users\asus\jagex_cl_oldschool_LIVE.dat2014-07-15 22:15 - 2014-05-21 22:35 - 00000023 _____ () C:\Users\asus\jagexappletviewer.preferences2014-07-15 22:13 - 2014-05-21 22:26 - 00000043 _____ () C:\Users\asus\jagex_cl_runescape_LIVE.dat2014-07-15 21:53 - 2010-11-21 11:47 - 00051076 _____ () C:\Windows\PFRO.log2014-07-15 21:51 - 2014-07-15 21:51 - 00019744 _____ () C:\ComboFix.txt2014-07-15 21:51 - 2014-07-10 19:13 - 00000000 ____D () C:\Qoobox2014-07-15 21:50 - 2009-07-14 10:34 - 00000250 _____ () C:\Windows\system.ini2014-07-15 21:34 - 2014-07-15 21:34 - 00020271 _____ () C:\Users\asus\Desktop\combofixhahaha.txt2014-07-15 21:19 - 2014-05-17 15:13 - 00000000 ____D () C:\Users\asus\AppData\Local\CrashDumps2014-07-15 20:40 - 2014-07-09 12:35 - 00000000 ____D () C:\Users\asus\Desktop\scans2014-07-15 20:22 - 2009-07-14 12:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-15 20:22 - 2009-07-14 12:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-15 20:11 - 2014-07-10 18:08 - 05220800 ____R (Swearware) C:\Users\asus\Desktop\ComboFix.exe2014-07-15 19:22 - 2014-05-19 20:47 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core.job2014-07-15 18:18 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries2014-07-15 17:33 - 2014-07-15 17:33 - 00013701 _____ () C:\Users\asus\Downloads\[kickass.to]bluestacks.app.player.0.8.7.3066.android.4.0.4.mod.torrent2014-07-15 13:01 - 2014-07-15 13:01 - 00064657 _____ () C:\Users\asus\Downloads\[kickass.to]the.woman.2011.bluray.720p.800mb.ganool.torrent2014-07-15 12:58 - 2014-07-15 12:58 - 00014807 _____ () C:\Users\asus\Downloads\[kickass.to]the.silent.house.2010.dvd.rip.xvid.stb.torrent2014-07-15 12:41 - 2014-07-15 12:41 - 00153206 _____ () C:\Users\asus\Downloads\[kickass.to]the.innkeepers.2011.ita.eng.bluray.720p.x264.trl.torrent2014-07-15 12:31 - 2014-07-15 12:31 - 00057106 _____ () C:\Users\asus\Downloads\[kickass.to]the.orphanage.el.orfanato.2007.dvdrip.eng.hard.subs.axxo.torrent2014-07-15 12:08 - 2014-07-15 12:08 - 00097618 _____ () C:\Users\asus\Downloads\[kickass.to]harry.potter.series.1.7.1080p.bluray.qebs.aac.ps3.mp4.fasm.torrent2014-07-15 12:07 - 2014-07-15 12:07 - 00000812 _____ () C:\Users\asus\Desktop\µTorrent.lnk2014-07-15 12:07 - 2014-07-15 12:07 - 00000792 _____ () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk2014-07-15 10:13 - 2014-05-20 18:23 - 00000000 ____D () C:\Users\asus\AppData\Local\Spotify2014-07-15 10:10 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Vss2014-07-14 22:12 - 2014-07-14 22:12 - 00086819 _____ () C:\Users\asus\Downloads\[kickass.to]brett.manning.s.singing.success.torrent2014-07-13 22:20 - 2014-07-13 22:20 - 00002242 _____ () C:\Users\asus\Desktop\aswMBR.txt2014-07-13 22:20 - 2014-07-13 22:20 - 00000512 _____ () C:\Users\asus\Desktop\MBR.dat2014-07-13 21:27 - 2014-07-13 21:26 - 05185536 _____ (AVAST Software) C:\Users\asus\Downloads\aswmbr.exe2014-07-13 11:33 - 2014-06-26 20:28 - 00000000 ____D () C:\ProgramData\BlueStacksSetup2014-07-11 13:02 - 2014-07-11 13:01 - 00275608 _____ () C:\Users\asus\Downloads\photo (2).htm2014-07-11 13:01 - 2014-07-11 13:01 - 00275742 _____ () C:\Users\asus\Downloads\photo (1).htm2014-07-10 20:02 - 2014-06-27 13:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-07-10 19:24 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default2014-07-10 19:23 - 2014-07-10 19:12 - 00000000 ____D () C:\Windows\erdnt2014-07-10 19:14 - 2014-06-27 13:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-07-09 20:05 - 2014-07-04 12:15 - 00060112 _____ () C:\Users\asus\Downloads\FRST.txt2014-07-09 15:48 - 2014-06-06 19:30 - 00000000 ____D () C:\Users\asus\Documents\Greenshot2014-07-09 13:19 - 2014-07-09 13:19 - 02347384 _____ (ESET) C:\Users\asus\Downloads\esetsmartinstaller_enu.exe2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-09 12:52 - 2014-07-09 12:37 - 00000000 ____D () C:\AdwCleaner2014-07-09 12:36 - 2014-07-09 12:36 - 01348263 _____ () C:\Users\asus\Downloads\AdwCleaner.exe2014-07-09 12:35 - 2014-07-09 12:35 - 00001756 _____ () C:\Users\asus\Desktop\JRT.txt2014-07-09 12:23 - 2014-07-09 12:23 - 00000000 ____D () C:\Windows\ERUNT2014-07-09 12:21 - 2014-07-09 12:20 - 01016261 _____ (Thisisu) C:\Users\asus\Downloads\JRT.exe2014-07-07 06:46 - 2014-05-24 15:54 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk2014-07-07 06:46 - 2014-05-24 15:54 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk2014-07-07 06:18 - 2014-07-07 06:18 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2014-07-06 20:06 - 2014-05-20 03:43 - 00000000 ____D () C:\Users\asus\AppData\Roaming\vlc2014-07-06 12:59 - 2014-05-17 15:58 - 00052843 _____ () C:\Windows\DirectX.log2014-07-06 11:48 - 2014-05-17 15:08 - 00000000 ____D () C:\Users\asus\Documents\Bluetooth Folder2014-07-06 01:05 - 2014-07-05 09:57 - 00000158 _____ () C:\Users\Guest\AppData\Roaming\default.rss2014-07-05 23:16 - 2009-07-14 13:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI2014-07-05 23:06 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\Documents\Youcam2014-07-05 21:29 - 2014-07-05 21:29 - 00000000 ____D () C:\Users\Guest\Documents\My Games2014-07-05 20:53 - 2014-07-05 09:55 - 00000000 ____D () C:\Users\Guest\Desktop\Martha2014-07-05 20:47 - 2014-07-05 20:47 - 00000284 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts.sfl2014-07-05 20:47 - 2014-07-05 20:33 - 375570432 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts2014-07-05 20:01 - 2014-07-05 20:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NVIDIA2014-07-05 19:59 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc2014-07-05 19:57 - 2014-07-05 19:57 - 00000028 _____ () C:\Users\Guest\Desktop\SDE.avi.sfl2014-07-05 19:41 - 2014-07-05 19:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\MPC-HC2014-07-05 19:39 - 2014-07-05 19:39 - 00000036 _____ () C:\Users\Guest\Desktop\Martha SDE.avi.sfl2014-07-05 17:31 - 2014-07-05 17:31 - 00000000 ____D () C:\Users\Guest\AppData\Local\proDAD_GmbH2014-07-05 10:16 - 2014-07-05 10:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Nero2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Nero2014-07-04 22:28 - 2014-07-04 22:28 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Publish Providers2014-07-04 22:28 - 2014-07-03 22:08 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Sony2014-07-04 22:27 - 2014-07-04 22:27 - 00001062 _____ () C:\Users\Guest\Desktop\Vegas Pro 10.0 (64-bit).lnk2014-07-04 22:27 - 2014-07-04 22:27 - 00000000 ____D () C:\Users\Guest\AppData\Local\Sony2014-07-04 22:27 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\Documents\Bluetooth Folder2014-07-04 21:59 - 2014-07-04 21:59 - 00000000 ____D () C:\Users\asus\Documents\fkl-setup2014-07-04 21:58 - 2014-07-04 21:58 - 00275888 _____ () C:\Users\asus\Documents\fkl-setup.zip2014-07-04 12:53 - 2014-07-04 12:53 - 00006730 _____ () C:\Users\asus\Desktop\RKreport_SCN_07042014_125245.log2014-07-04 12:46 - 2014-07-04 12:46 - 05283416 _____ () C:\Users\asus\Downloads\RogueKillerX64.exe2014-07-04 12:41 - 2014-07-04 12:41 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-04 12:41 - 2014-07-04 12:40 - 04721240 _____ () C:\Users\asus\Downloads\RogueKiller.exe2014-07-04 12:17 - 2014-07-04 12:16 - 00031049 _____ () C:\Users\asus\Downloads\Addition.txt2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla2014-07-04 11:24 - 2014-06-03 18:39 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite2014-07-04 11:16 - 2014-07-03 22:08 - 00000000 ____D () C:\Users\Guest\Desktop\x642014-07-03 22:44 - 2014-07-03 22:44 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Publish Providers2014-07-03 22:44 - 2014-07-03 22:20 - 00002696 _____ () C:\Users\asus\Documents\Register Vegas Pro.htm2014-07-03 22:44 - 2014-07-03 22:11 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Sony2014-07-03 22:41 - 2014-07-03 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\ProgramData\Sony2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\Program Files (x86)\Sony2014-07-03 22:40 - 2014-07-03 22:29 - 00000000 ____D () C:\Program Files\Sony2014-07-03 22:22 - 2014-07-03 22:09 - 00000000 ____D () C:\Users\asus\Documents\New folder (2)2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Users\asus\AppData\Local\Sony2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\Users\asus\AppData\Local\proDAD_GmbH2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\ProgramData\proDAD2014-07-03 22:10 - 2014-07-03 22:10 - 00001110 _____ () C:\Users\Public\Desktop\Mercalli 3.0.lnk2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Users\asus\AppData\Roaming\proDAD2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Program Files\proDAD2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\Desktop\proDAD Mercalli 3.0.215.1 Standalone (Win32-64) Serial [ChingLiu]2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WinRAR2014-07-03 21:08 - 2014-07-03 22:07 - 396390718 ____R () C:\Users\Guest\Desktop\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ].rar2014-07-03 20:39 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\CyberLink2014-07-03 20:39 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Greenshot2014-07-03 20:38 - 2014-07-03 20:38 - 00117592 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-03 20:38 - 2014-07-03 20:38 - 00001443 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-07-03 20:38 - 2014-07-03 20:38 - 00001409 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Zbshareware Lab2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\Greenshot2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\BMExplorer2014-07-03 20:38 - 2014-07-03 20:37 - 00000000 ____D () C:\Users\Guest2014-07-03 20:38 - 2014-05-17 15:11 - 00000000 ____D () C:\ProgramData\Atheros2014-07-03 20:37 - 2014-07-03 20:37 - 00000020 ___SH () C:\Users\Guest\ntuser.ini2014-07-02 11:25 - 2014-07-02 11:25 - 00016500 _____ () C:\Users\asus\Downloads\[kickass.to]super.8.2011.720p.brrip.x264.mp4.multisubs.aac.cc.torrent2014-06-30 21:06 - 2014-06-26 19:13 - 00000000 ____D () C:\Users\asus\jagexcache2014-06-30 18:37 - 2014-05-22 09:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys2014-06-30 11:43 - 2014-06-30 11:43 - 00013780 _____ () C:\Users\asus\Desktop\com.supercell.clashofclans.cfg - Shortcut.lnk2014-06-30 07:57 - 2014-06-30 07:57 - 00000000 ____D () C:\Users\asus\AppData\Roaming\NVIDIA2014-06-30 04:35 - 2014-06-06 19:28 - 00000000 ____D () C:\Users\asus\AppData\Local\Greenshot2014-06-29 21:55 - 2014-06-29 21:51 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native_b.exe2014-06-29 20:11 - 2014-06-26 20:39 - 00000000 ____D () C:\Windows\system32\appmgmt2014-06-28 13:00 - 2014-06-28 13:00 - 00056797 _____ () C:\Users\asus\Downloads\[kickass.to]the.haunting.in.connecticut.2.ghosts.of.georgia.2013.french.dvdrip.xvid.tmb.torrent2014-06-27 20:47 - 2014-06-27 20:47 - 00003467 _____ () C:\Windows\SysWOW64\collectionCache.bnk2014-06-27 13:21 - 2014-06-27 13:21 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-06-27 13:03 - 2014-06-27 13:00 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\asus\Downloads\spybot-2.3.exe2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\SysWOW64\NV2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\system32\NV2014-06-27 12:45 - 2014-05-17 15:41 - 00000000 ____D () C:\ProgramData\NVIDIA2014-06-27 12:45 - 2014-05-17 15:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-06-27 12:45 - 2014-05-17 15:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2014-06-27 07:50 - 2014-06-27 07:50 - 00000967 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client2014-06-27 07:46 - 2014-06-27 07:43 - 29256752 _____ (TeamSpeak Systems GmbH) C:\Users\asus\Downloads\TeamSpeak3-Client-win64-3.0.15.exe2014-06-26 20:44 - 2014-06-26 20:43 - 00002046 _____ () C:\Users\asus\Desktop\OSRS.lnk2014-06-26 20:41 - 2014-06-26 20:41 - 00002076 _____ () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk2014-06-26 20:41 - 2014-06-26 20:41 - 00002046 _____ () C:\Users\asus\Desktop\RuneScape.lnk2014-06-26 20:41 - 2014-06-26 20:41 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape2014-06-26 20:40 - 2014-06-26 20:39 - 23805952 _____ () C:\Users\asus\Downloads\RuneScape (1).msi2014-06-26 20:37 - 2014-05-20 03:42 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Nero2014-06-26 20:28 - 2014-06-26 20:24 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native.exe2014-06-26 20:00 - 2009-07-14 13:08 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-06-26 19:16 - 2014-06-26 19:15 - 01653168 _____ () C:\Users\asus\Desktop\Orion.exe2014-06-26 19:13 - 2014-05-17 13:42 - 00000000 ____D () C:\Users\asus2014-06-26 19:11 - 2014-06-26 19:06 - 00000000 ____D () C:\Users\asus\Orion2014-06-24 19:17 - 2014-05-19 20:47 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA2014-06-24 19:17 - 2014-05-19 20:47 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core2014-06-23 19:35 - 2014-06-23 19:35 - 00002984 _____ () C:\Windows\System32\Tasks\ATKOSD22014-06-23 19:35 - 2014-06-23 19:35 - 00000000 ____D () C:\Program Files (x86)\ASUS2014-06-23 19:30 - 2014-06-23 19:30 - 00001250 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes2014-06-23 19:29 - 2014-06-23 19:28 - 01640984 _____ () C:\Users\asus\Downloads\SetupVirtualCloneDrive5470.exe2014-06-23 16:54 - 2014-06-01 18:57 - 00000000 ____D () C:\Users\asus\.VirtualBox2014-06-23 15:08 - 2014-06-23 15:08 - 00000290 _____ () C:\Users\asus\Documents\vpn kali.txt2014-06-23 13:30 - 2014-06-23 13:30 - 10432166 _____ () C:\Users\asus\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.10-93012.vbox-extpack2014-06-23 13:25 - 2014-06-23 13:25 - 00000000 ____D () C:\Users\asus\VirtualBox VMs2014-06-22 11:05 - 2014-06-22 11:05 - 00025017 _____ () C:\Users\asus\Downloads\[kickass.to]farcry.3.black.box.silvertorrent.torrent2014-06-21 04:46 - 2014-06-21 04:46 - 00020122 _____ () C:\Users\asus\Downloads\[kickass.to]game.of.thrones.the.complete.season.4.hdtv.torrent2014-06-20 20:13 - 2014-06-20 20:13 - 00004292 _____ () C:\STF711D.tmp2014-06-20 20:00 - 2014-06-20 20:00 - 00004292 _____ () C:\STF9465.tmp2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\Documents\Square Enix2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\AppData\Local\SKIDROW2014-06-20 12:11 - 2014-06-19 13:52 - 00000000 ____D () C:\Users\asus\Desktop\POW2014-06-20 11:11 - 2014-06-20 11:11 - 00002088 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Client Utility.lnk2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\Program Files (x86)\TP-LINK2014-06-20 11:11 - 2014-05-17 15:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-06-20 11:10 - 2014-06-20 11:09 - 06876733 _____ () C:\Users\asus\Documents\2009319153528.zip2014-06-20 11:00 - 2014-06-20 11:00 - 00225888 _____ (NirSoft) C:\Users\asus\Desktop\c.exe2014-06-20 11:00 - 2014-06-20 11:00 - 00090720 _____ (NirSoft) C:\Users\asus\Desktop\f.exe2014-06-20 11:00 - 2014-06-20 11:00 - 00051200 _____ (NirSoft) C:\Users\asus\Desktop\i.exe2014-06-20 11:00 - 2014-06-20 11:00 - 00000136 _____ () C:\Users\asus\Desktop\launch.bat2014-06-19 14:11 - 2014-06-19 14:05 - 00000000 ____D () C:\Users\asus\Documents\USB files Files to move or delete:====================C:\Users\asus\jagex_cl_oldschool_LIVE.datC:\Users\asus\jagex_cl_runescape_LIVE.datC:\Users\asus\jagex_cl_runescape_LIVE1.datC:\Users\asus\random.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-15 20:39 ==================== End Of Log ============================
  18. freakstyle
    By the way, task manager and regedit seems to be working only after scans of combofix. but after I restart my laptop they go back to being disabled. lol. I think the virus/malware has a way of getting back to my computer.
  19. freakstyle
    ComboFix 14-07-15.03 - asus 07/15/2014 21:20:23.3.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.4088 [GMT 8:00] Running from: c:\users\asus\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2014-06-15 to 2014-07-15 ))))))))))))))))))))))))))))))) . . 2014-07-15 13:25 . 2014-07-15 13:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-07-15 13:25 . 2014-07-15 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-15 13:18 . 2014-07-15 13:18 79064 ----a-w- c:\windows\system32\drivers\tuuvlvwe.sys 2014-07-15 12:42 . 2014-07-15 12:42 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5AE108B-42B7-4E55-B78B-A5A4CE0FE948}\offreg.dll 2014-07-15 02:24 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5AE108B-42B7-4E55-B78B-A5A4CE0FE948}\mpengine.dll 2014-07-13 09:06 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-07-12 05:20 . 2014-05-20 01:24 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4606C05-7992-4100-8716-2CDFF9004F0C}\gapaengine.dll 2014-07-10 22:45 . 2014-07-10 22:45 -------- d-----w- c:\users\asus\AppData\Local\ElevatedDiagnostics 2014-07-09 05:19 . 2014-07-09 05:19 -------- d-----w- c:\program files (x86)\ESET 2014-07-09 04:38 . 2010-08-30 00:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-07-09 04:37 . 2014-07-09 04:52 -------- d-----w- C:\AdwCleaner 2014-07-09 04:23 . 2014-07-09 04:23 -------- d-----w- c:\windows\ERUNT 2014-07-04 04:41 . 2014-07-04 04:41 -------- d-----w- c:\programdata\RogueKiller 2014-07-04 04:12 . 2014-07-09 12:06 -------- d-----w- C:\FRST 2014-07-03 14:44 . 2014-07-03 14:44 -------- d-----w- c:\users\asus\AppData\Roaming\Publish Providers 2014-07-03 14:40 . 2014-07-03 14:40 -------- d-----w- c:\programdata\Sony 2014-07-03 14:40 . 2014-07-03 14:40 -------- d-----w- c:\program files (x86)\Sony 2014-07-03 14:29 . 2014-07-03 14:40 -------- d-----w- c:\program files\Sony 2014-07-03 14:15 . 2014-07-03 14:15 -------- d-----w- c:\users\asus\AppData\Local\Sony 2014-07-03 14:13 . 2014-07-03 14:13 -------- d-----w- c:\users\asus\AppData\Local\proDAD_GmbH 2014-07-03 14:13 . 2014-07-03 14:13 -------- d-----w- c:\programdata\proDAD 2014-07-03 14:11 . 2014-07-03 14:44 -------- d-----w- c:\users\asus\AppData\Roaming\Sony 2014-07-03 14:10 . 2014-07-03 14:10 -------- d-----w- c:\users\asus\AppData\Roaming\proDAD 2014-07-03 14:10 . 2014-07-03 14:10 -------- d-----w- c:\program files\proDAD 2014-07-03 12:37 . 2014-07-03 12:38 -------- d-----w- c:\users\Guest 2014-06-29 23:57 . 2014-06-29 23:57 -------- d-----w- c:\users\asus\AppData\Roaming\NVIDIA 2014-06-27 05:21 . 2014-07-10 11:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-06-27 05:21 . 2014-07-10 12:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2014-06-27 04:45 . 2014-06-27 04:45 -------- d-----w- c:\windows\SysWow64\NV 2014-06-27 04:45 . 2014-06-27 04:45 -------- d-----w- c:\windows\system32\NV 2014-06-26 23:50 . 2014-06-26 23:50 -------- d-----w- c:\program files\TeamSpeak 3 Client 2014-06-26 12:39 . 2014-06-29 12:11 -------- d-----w- c:\windows\system32\appmgmt 2014-06-26 12:28 . 2014-07-13 03:33 -------- d-----w- c:\programdata\BlueStacksSetup 2014-06-26 11:13 . 2014-06-30 13:06 -------- d-----w- c:\users\asus\jagexcache 2014-06-26 11:06 . 2014-06-26 11:11 -------- d-----w- c:\users\asus\Orion 2014-06-23 11:35 . 2014-06-23 11:35 -------- d-----w- c:\program files (x86)\ASUS 2014-06-23 11:29 . 2014-06-23 11:29 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2014-06-23 05:25 . 2014-06-23 05:25 -------- d-----w- c:\users\asus\VirtualBox VMs 2014-06-20 12:13 . 2014-06-20 12:13 4292 ----a-w- C:\STF711D.tmp 2014-06-20 12:00 . 2014-06-20 12:00 -------- d-----w- c:\users\asus\AppData\Local\SKIDROW 2014-06-20 12:00 . 2014-06-20 12:00 4292 ----a-w- C:\STF9465.tmp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-15 12:49 . 2014-05-20 01:35 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-06-30 10:37 . 2014-05-22 01:10 122584 ----a-w- c:\windows\system32\drivers\48230029.sys 2014-05-20 06:37 . 2014-05-20 06:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-05-20 01:24 . 2014-05-21 03:04 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-05-17 08:21 . 2014-05-17 08:24 8192 ----a-w- c:\windows\SysWow64\srvany.exe 2014-05-16 06:04 . 2014-06-01 04:08 254240 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2014-05-16 06:03 . 2014-06-01 04:07 128288 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2014-05-16 06:03 . 2014-05-16 06:03 156448 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2014-05-16 06:03 . 2014-05-16 06:03 141600 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2014-05-16 06:01 . 2014-05-16 06:01 204064 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2014-05-14 10:37 . 2014-06-07 08:30 3962840 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2014-05-12 12:11 . 2014-06-07 08:30 60636160 ----a-w- c:\windows\system32\RCoRes64.dat 2014-05-11 23:26 . 2014-05-20 01:34 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-11 23:26 . 2014-05-20 01:34 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-11 23:25 . 2014-05-20 01:34 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-09 03:17 . 2014-06-07 08:30 628952 ----a-w- c:\windows\system32\RtDataProc64.dll 2014-05-07 03:00 . 2014-05-07 03:00 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys 2014-05-07 02:56 . 2014-05-25 10:17 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys 2014-05-02 03:19 . 2014-06-07 08:29 33592 ----a-w- c:\windows\system32\audioLibVc.dll 2014-04-30 03:34 . 2014-06-07 08:30 948952 ----a-w- c:\windows\system32\RCoInstII64.dll 2014-04-28 07:48 . 2014-06-07 08:30 2800344 ----a-w- c:\windows\system32\RltkAPO64.dll 2014-04-25 05:51 . 2014-06-07 08:30 2834648 ----a-w- c:\windows\system32\RtPgEx64.dll 2014-04-25 05:23 . 2014-06-07 08:30 1022168 ----a-w- c:\windows\system32\RtkApi64.dll 2014-04-24 18:00 . 2014-05-17 07:42 127488 ----a-w- c:\windows\system32\ff_vfw.dll 2014-04-24 18:00 . 2014-05-17 07:42 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2014-04-23 09:51 . 2014-06-07 08:30 2117424 ----a-w- c:\windows\system32\SStudio.dll 2014-04-17 09:42 . 2014-06-07 08:29 1317976 ----a-w- c:\windows\system32\MaxxAudioAPO6064.dll 2014-04-17 09:42 . 2014-06-07 08:29 1168472 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll 2014-04-17 09:42 . 2014-06-07 08:29 1136728 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928] "Spotify"="c:\users\asus\AppData\Roaming\Spotify\Spotify.exe" [2014-06-27 6189624] "Spotify Web Helper"="c:\users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-06-27 1176632] "GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D"="c:\users\asus\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-06-05 860488] "Phrozen Mon_KP"="c:\users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe" [2013-09-14 3282952] "uTorrent"="c:\users\asus\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-15 1270864] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "USB Security"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2013-06-20 687336] "YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2011-09-09 247016] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-04-23 311616] "ZDWlan.EXE"="c:\program files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE" [2009-01-14 491520] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-05-11 54072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\DRIVERS\zd1211Bu.sys;c:\windows\SYSNATIVE\DRIVERS\zd1211Bu.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . Contents of the 'Scheduled Tasks' folder . 2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core.job - c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19 12:47] . 2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA.job - c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19 12:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-05-13 1387376] "Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2014-05-12 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.linkzb.com uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.linkzb.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{286E8104-AF52-4A20-B140-126F536CB219}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-07-15 21:28:06 ComboFix-quarantined-files.txt 2014-07-15 13:28 ComboFix2.txt 2014-07-15 12:20 ComboFix3.txt 2014-07-10 11:24 . Pre-Run: 53,862,268,928 bytes free Post-Run: 53,547,331,584 bytes free . - - End Of File - - 57545C455AFD7DA76DA5351851DAB4E6 A36C5E4F47E84449FF07ED3517B43A31
  20. freakstyle
    task manager is still disabled. also regedit
  21. freakstyle
    ok ty. by the way. fkl-setup is frozen keylogger. the keylogger i am using for family purposes
  22. freakstyle
    Server: Unknown Address: 192.168.1.1 *** UnKnown can't find bluestacks.com: Server failed
  23. freakstyle
    aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software Run date: 2014-07-13 21:27:22 ----------------------------- 21:27:22.809 OS Version: Windows x64 6.1.7601 Service Pack 1 21:27:22.809 Number of processors: 8 586 0x2A07 21:27:22.810 ComputerName: ASUS-PC UserName: asus 21:27:23.447 Initialize success 21:27:23.518 VM: initialized successfully 21:27:23.530 VM: Intel CPU supported 21:27:42.524 VM: supported disk I/O ataport.SYS 21:50:33.927 AVAST engine defs: 14071201 22:00:48.494 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 22:00:48.495 Disk 0 Vendor: HGST_HTS545050A7E380 GG2OAC90 Size: 476940MB BusType: 11 22:00:48.627 VM: Disk 0 MBR read successfully 22:00:48.630 Disk 0 MBR scan 22:00:48.665 Disk 0 Windows 7 default MBR code 22:00:48.668 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 22:00:48.672 Disk 0 default boot code 22:00:48.707 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199900 MB offset 206848 22:00:48.749 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 276938 MB offset 409602048 22:00:48.914 Disk 0 scanning C:\Windows\system32\drivers 22:01:06.366 Service scanning 22:02:11.300 Modules scanning 22:02:11.307 Disk 0 trace - called modules: 22:02:11.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 22:02:11.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800690f790] 22:02:11.340 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006335060] 22:02:12.045 AVAST engine scan C:\Windows 22:02:17.289 AVAST engine scan C:\Windows\system32 22:07:00.161 AVAST engine scan C:\Windows\system32\drivers 22:07:17.193 AVAST engine scan C:\Users\asus 22:13:20.005 File: C:\Users\asus\Documents\fkl-setup\fkl-setup (password=2013).exe **INFECTED** Win32:Malware-gen 22:15:08.156 AVAST engine scan C:\ProgramData 22:19:08.029 Scan finished successfully 22:20:25.106 Disk 0 MBR has been saved successfully to "C:\Users\asus\Desktop\MBR.dat" 22:20:25.137 The log file has been saved successfully to "C:\Users\asus\Desktop\aswMBR.txt" ----- by the way. for some reason I cant access this site anymore. bluestacks.com I couldnt access that site after some scans I did the other day that you told me to do. can you please help me with this? bluestacks = sort of like a android mobile emulator
  24. freakstyle
    and that sality thing. i dont think i encountered that before. but im not sure
  25. freakstyle
    ComboFix 14-07-08.04 - asus 07/10/2014 19:15:44.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.3797 [GMT 8:00] Running from: c:\users\asus\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Java\jre7\bin\jp2ssv.dll c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2014-06-10 to 2014-07-10 ))))))))))))))))))))))))))))))) . . 2014-07-10 11:21 . 2014-07-10 11:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-07-10 11:21 . 2014-07-10 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-10 04:01 . 2014-07-10 04:01 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BBFF8CD-096A-43C6-95D3-4A0033939E70}\offreg.dll 2014-07-09 23:58 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BBFF8CD-096A-43C6-95D3-4A0033939E70}\mpengine.dll 2014-07-09 12:07 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-07-09 05:19 . 2014-07-09 05:19 -------- d-----w- c:\program files (x86)\ESET 2014-07-09 04:38 . 2010-08-30 00:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-07-09 04:37 . 2014-07-09 04:52 -------- d-----w- C:\AdwCleaner 2014-07-09 04:23 . 2014-07-09 04:23 -------- d-----w- c:\windows\ERUNT 2014-07-04 04:41 . 2014-07-04 04:41 -------- d-----w- c:\programdata\RogueKiller 2014-07-04 04:12 . 2014-07-09 12:06 -------- d-----w- C:\FRST 2014-07-04 03:30 . 2014-05-20 01:24 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EF6B0F8-0F29-4945-8431-726CE8786C26}\gapaengine.dll 2014-07-03 14:44 . 2014-07-03 14:44 -------- d-----w- c:\users\asus\AppData\Roaming\Publish Providers 2014-07-03 14:40 . 2014-07-03 14:40 -------- d-----w- c:\programdata\Sony 2014-07-03 14:40 . 2014-07-03 14:40 -------- d-----w- c:\program files (x86)\Sony 2014-07-03 14:29 . 2014-07-03 14:40 -------- d-----w- c:\program files\Sony 2014-07-03 14:15 . 2014-07-03 14:15 -------- d-----w- c:\users\asus\AppData\Local\Sony 2014-07-03 14:13 . 2014-07-03 14:13 -------- d-----w- c:\users\asus\AppData\Local\proDAD_GmbH 2014-07-03 14:13 . 2014-07-03 14:13 -------- d-----w- c:\programdata\proDAD 2014-07-03 14:11 . 2014-07-03 14:44 -------- d-----w- c:\users\asus\AppData\Roaming\Sony 2014-07-03 14:10 . 2014-07-03 14:10 -------- d-----w- c:\users\asus\AppData\Roaming\proDAD 2014-07-03 14:10 . 2014-07-03 14:10 -------- d-----w- c:\program files\proDAD 2014-07-03 12:37 . 2014-07-03 12:38 -------- d-----w- c:\users\Guest 2014-06-29 23:57 . 2014-06-29 23:57 -------- d-----w- c:\users\asus\AppData\Roaming\NVIDIA 2014-06-29 13:57 . 2014-06-29 13:58 -------- d-----w- c:\programdata\BlueStacks 2014-06-29 13:57 . 2014-06-29 13:57 -------- d-----w- c:\program files (x86)\BlueStacks 2014-06-29 13:56 . 2014-06-29 13:56 -------- d-----w- c:\users\asus\AppData\Local\Bluestacks 2014-06-27 05:21 . 2014-07-10 11:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-06-27 05:21 . 2014-07-10 11:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2014-06-27 04:45 . 2014-06-27 04:45 -------- d-----w- c:\windows\SysWow64\NV 2014-06-27 04:45 . 2014-06-27 04:45 -------- d-----w- c:\windows\system32\NV 2014-06-26 23:50 . 2014-06-26 23:50 -------- d-----w- c:\program files\TeamSpeak 3 Client 2014-06-26 12:39 . 2014-06-29 12:11 -------- d-----w- c:\windows\system32\appmgmt 2014-06-26 11:13 . 2014-06-30 13:06 -------- d-----w- c:\users\asus\jagexcache 2014-06-26 11:06 . 2014-06-26 11:11 -------- d-----w- c:\users\asus\Orion 2014-06-23 11:35 . 2014-06-23 11:35 -------- d-----w- c:\program files (x86)\ASUS 2014-06-23 11:29 . 2014-06-23 11:29 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2014-06-23 05:25 . 2014-06-23 05:25 -------- d-----w- c:\users\asus\VirtualBox VMs 2014-06-20 12:13 . 2014-06-20 12:13 4292 ----a-w- C:\STF711D.tmp 2014-06-20 12:00 . 2014-06-20 12:00 -------- d-----w- c:\users\asus\AppData\Local\SKIDROW 2014-06-20 12:00 . 2014-06-20 12:00 4292 ----a-w- C:\STF9465.tmp 2014-06-11 13:16 . 2014-06-11 13:16 -------- d-----w- c:\program files (x86)\Bonjour 2014-06-11 13:11 . 2014-06-11 13:11 -------- d-----w- c:\windows\SysWow64\spool 2014-06-11 13:10 . 2014-06-11 13:10 -------- d-----w- c:\windows\SysWow64\Macromed 2014-06-11 13:07 . 2014-06-11 13:07 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-10 08:07 . 2014-05-20 01:35 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-06-30 10:37 . 2014-05-22 01:10 122584 ----a-w- c:\windows\system32\drivers\48230029.sys 2014-05-20 06:37 . 2014-05-20 06:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-05-20 01:24 . 2014-05-21 03:04 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-05-17 08:21 . 2014-05-17 08:24 8192 ----a-w- c:\windows\SysWow64\srvany.exe 2014-05-16 06:04 . 2014-06-01 04:08 254240 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2014-05-16 06:03 . 2014-06-01 04:07 128288 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2014-05-16 06:03 . 2014-05-16 06:03 156448 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2014-05-16 06:03 . 2014-05-16 06:03 141600 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2014-05-16 06:01 . 2014-05-16 06:01 204064 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2014-05-14 10:37 . 2014-06-07 08:30 3962840 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2014-05-12 12:11 . 2014-06-07 08:30 60636160 ----a-w- c:\windows\system32\RCoRes64.dat 2014-05-11 23:26 . 2014-05-20 01:34 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-11 23:26 . 2014-05-20 01:34 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-11 23:25 . 2014-05-20 01:34 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-09 03:17 . 2014-06-07 08:30 628952 ----a-w- c:\windows\system32\RtDataProc64.dll 2014-05-07 03:00 . 2014-05-07 03:00 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys 2014-05-07 02:56 . 2014-05-25 10:17 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys 2014-05-02 03:19 . 2014-06-07 08:29 33592 ----a-w- c:\windows\system32\audioLibVc.dll 2014-04-30 03:34 . 2014-06-07 08:30 948952 ----a-w- c:\windows\system32\RCoInstII64.dll 2014-04-28 07:48 . 2014-06-07 08:30 2800344 ----a-w- c:\windows\system32\RltkAPO64.dll 2014-04-25 05:51 . 2014-06-07 08:30 2834648 ----a-w- c:\windows\system32\RtPgEx64.dll 2014-04-25 05:23 . 2014-06-07 08:30 1022168 ----a-w- c:\windows\system32\RtkApi64.dll 2014-04-24 18:00 . 2014-05-17 07:42 127488 ----a-w- c:\windows\system32\ff_vfw.dll 2014-04-24 18:00 . 2014-05-17 07:42 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2014-04-23 09:51 . 2014-06-07 08:30 2117424 ----a-w- c:\windows\system32\SStudio.dll 2014-04-17 09:42 . 2014-06-07 08:29 1317976 ----a-w- c:\windows\system32\MaxxAudioAPO6064.dll 2014-04-17 09:42 . 2014-06-07 08:29 1168472 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll 2014-04-17 09:42 . 2014-06-07 08:29 1136728 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928] "Spotify"="c:\users\asus\AppData\Roaming\Spotify\Spotify.exe" [2014-06-27 6189624] "Spotify Web Helper"="c:\users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-06-27 1176632] "GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D"="c:\users\asus\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-06-05 860488] "Phrozen Mon_KP"="c:\users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe" [2013-09-14 3282952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "USB Security"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2013-06-20 687336] "YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2011-09-09 247016] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-04-23 311616] "ZDWlan.EXE"="c:\program files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE" [2009-01-14 491520] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-06-23 832272] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\DRIVERS\zd1211Bu.sys;c:\windows\SYSNATIVE\DRIVERS\zd1211Bu.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x] S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x] S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x] S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . Contents of the 'Scheduled Tasks' folder . 2014-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core.job - c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19 12:47] . 2014-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA.job - c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-19 12:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-05-13 1387376] "Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2014-05-12 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.linkzb.com uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.linkzb.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Phrozen Keylogger Lite - (no file) Wow6432Node-HKLM-Run-kbdsprt - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-07-10 19:24:23 ComboFix-quarantined-files.txt 2014-07-10 11:24 . Pre-Run: 49,820,979,200 bytes free Post-Run: 50,525,626,368 bytes free . - - End Of File - - 4C3C549FDA689D567A9294C4A346D1C2 A36C5E4F47E84449FF07ED3517B43A31
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.