higherguy2

  1. Hmm.. Can I delete those things that you asked me to download??
  2. Hi this is the OTM log that you requested!
  3. Hi these are the list of threats found!
  4. Hi sorry for the late reply Below are the logs that you requested!
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng File Deleted : C:\Windows\System32\roboot64.exe File Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\invalidprefs.js File Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\searchplugins\bingp.xml File Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\user.js ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASMANCS Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-698646803 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Key Deleted : HKCU\Software\AppDataLow\Software\ilividmoviestoolbar181 Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Key Deleted : HKLM\SOFTWARE\systweak Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividmoviestoolbar181IE Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages] -\\ Mozilla Firefox v32.0.2 (x86 en-US) [ File : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\prefs.js ] Line Deleted : user_pref("browser.search.defaulturl", 
"hxxp://websearch.fastosearch.info/?pid=1565&r=2014/05/31&hid=11376473371288606056&lg=EN&cc=SG&unqvl=55&l=1&q="); Line Deleted : user_pref("extensions.E6aJVuoK16yE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...] Line Deleted : user_pref("extensions.YjEPGB9Uwxe.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...] Line Deleted : user_pref("extensions.p9br549.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...] -\\ Google Chrome v37.0.2062.120 [ File : C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [11313 octets] - [25/09/2014 23:14:26] AdwCleaner[s0].txt - [10996 octets] - [25/09/2014 23:28:25] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11057 octets] ########## JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.2.0 (09.22.2014:1) OS: Windows 8 x64 Ran by Wesley on Thu 25/09/2014 at 23:36:44.59 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawlUntemp_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawlUntemp_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawl_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawl_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateNetCrawl_RASAPI32 Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateNetCrawl_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilNetCrawl_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilNetCrawl_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawlUntemp_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawlUntemp_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawl_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawl_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{31B33E44-F140-4F30-9509-A7F1285C9BCB} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ FireFox Successfully deleted the following from C:\Users\Wesley\AppData\Roaming\mozilla\firefox\profiles\7zmqo0hs.default\prefs.js user_pref("extensions.p9br549.url", "hxxp://toolkitsetusa.info/sync2/?q=hfZ9ofV9CShEAen0rjk7qihTB6lKDzt4olqztNtVh7n0rjnEqjrFrjrHqjs5tMFHhd9Fqda4rTkFrHkEqdkMDMlGojUMAe4Uojk5rTk Emptied folder: C:\Users\Wesley\AppData\Roaming\mozilla\firefox\profiles\7zmqo0hs.default\minidumps [9 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 
25/09/2014 at 23:42:10.20 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. Thank you!! This is the FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01 Ran by Wesley (administrator) on WESLEY on 21-09-2014 21:14:05 Running from C:\Users\Wesley\Downloads Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\lpksetup.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\Garena Plus\ggdllhost.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [btTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros) HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Qualcomm Atheros Commnucations) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-12] (ASUS) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) 
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-29880558-42785158-1016828536-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation) HKU\S-1-5-21-29880558-42785158-1016828536-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-29880558-42785158-1016828536-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-29880558-42785158-1016828536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation) HKU\S-1-5-21-29880558-42785158-1016828536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-29880558-42785158-1016828536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: FunOverlay -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\MogulKahn.dll (Funshion) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.msn.com/?pc=UP97&ocid=UP97DHP HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIaXKwFZQup7jnfz4efo1ypocm3zWgqykkm4FGs1u1IWYRgj-23qXulDyCdDdNz7isIgHrLITky0vUayJ5RC1wUv9rePotnRf14dHArFxPF5NMW4BluSHPT_2tgq0ZlQfzfsWuPglMBEblxHlRu05Ly7DMYwuMh8Qc, HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=n11099-244&apn_uid=4914311320704201&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=n11099-244&apn_uid=4914311320704201&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKCU - DefaultScope {B029F876-2C67-4BCC-AACA-66916A893E39} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms} SearchScopes: HKCU - {31B33E44-F140-4F30-9509-A7F1285C9BCB} URL = 
http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^SG&apn_uid=0FF07265-69B7-479D-98B2-7F91F883EE87&apn_sauid=0A6CA36E-079E-4FA8-92F7-2196F202B379 SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=n11099-244&apn_uid=4914311320704201&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKCU - {B029F876-2C67-4BCC-AACA-66916A893E39} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms} BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: No Name -> {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! 
FF Keyword.URL: https://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Wesley\funshion\funshiontools\npFunshion.dll No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\user.js FF SearchPlugin: C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\searchplugins\yahoo_ff.xml FF Extension: save on - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\6bneoeyuei@civqdzrqs.net [2014-05-31] FF Extension: SNT - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\l.ovis@ieao-b.net [2014-05-31] FF Extension: YoutubeAdblocker - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\w_yuy@vmkvfcdwl.com [2014-05-31] FF Extension: MEGA - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\firefox@mega.co.nz.xpi [2014-05-31] FF Extension: Adblock Plus - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-13] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-03-18] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-11] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HomePage: Default -> 5E661AB35B92ABF06B6329321C3F15569B7CDEB92CB61C13C06EAE1701355C7A CHR DefaultSearchKeyword: Default -> 41C6AF1AA520A614B481640D0AE91E3BA1602B89156D586E97EB45526B4B6D28 CHR DefaultSearchURL: Default -> 28B1C3B40164110D1F8F5AA51265FAD6262AA567CBC21D2D85074B373F648D29 CHR Profile: C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26] CHR Extension: (avast! Online Security) - C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-23] CHR Extension: (Google Wallet) - C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-11] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations) U2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-11] (AVAST Software) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5635016 2013-06-25] (INCA Internet Co., Ltd.) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed] S2 FunshionSvr; C:\Users\Wesley\funshion\funshiontools\FunshionSvr.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-11] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-11] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-11] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-11] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-11] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-11] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-11] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-11] () R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-11-01] (ASUS Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-30] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X] U0 msahci; No ImagePath U2 TMAgent; No ImagePath S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-21 21:14 - 2014-09-21 21:15 - 00021044 _____ () C:\Users\Wesley\Downloads\FRST.txt 2014-09-21 21:13 - 2014-09-21 21:14 - 00000000 ____D () C:\FRST 2014-09-21 21:12 - 2014-09-21 21:12 - 02105856 _____ (Farbar) C:\Users\Wesley\Downloads\FRST64.exe 2014-09-21 16:58 - 2014-09-21 16:58 - 01097728 _____ (Farbar) C:\Users\Wesley\Downloads\FRST.exe 2014-09-20 04:42 - 2014-09-20 04:42 - 00000186 _____ () C:\Users\Wesley\Desktop\cc_20140920_044215.reg 2014-09-19 15:04 - 2014-09-19 15:04 - 00000170 _____ () C:\Users\Wesley\Desktop\cc_20140919_150419.reg 2014-09-19 15:03 - 2014-09-19 15:04 - 00008036 _____ () C:\Users\Wesley\Desktop\cc_20140919_150357.reg 2014-09-19 15:03 - 2014-09-19 15:03 - 00288968 _____ () C:\Users\Wesley\Desktop\cc_20140919_150303.reg 2014-09-19 14:04 - 2014-09-19 14:04 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-19 14:04 - 2014-09-19 14:04 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-19 14:03 - 2014-09-20 04:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-19 14:03 - 2014-09-19 14:03 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-19 14:03 - 2014-09-19 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-19 14:02 - 2014-09-19 14:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-19 14:02 - 2014-09-19 14:02 - 04901352 _____ (Piriform Ltd) C:\Users\Wesley\Downloads\ccsetup417.exe 2014-09-19 14:02 - 2014-09-19 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-19 14:02 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-19 14:02 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-19 14:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-19 14:01 - 2014-09-19 
14:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wesley\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-19 13:56 - 2014-09-19 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-17 23:00 - 2014-09-17 23:00 - 00000000 ___RD () C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-09-17 13:33 - 2014-09-21 21:09 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Wesley 2014-09-15 19:41 - 2014-07-16 06:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys 2014-09-15 19:39 - 2014-08-16 17:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-15 19:39 - 2014-08-16 17:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-15 19:39 - 2014-08-16 17:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-09-15 19:39 - 2014-08-16 17:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-15 19:39 - 2014-08-16 17:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-15 19:39 - 2014-08-16 17:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-15 19:39 - 2014-08-16 17:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-15 19:39 - 2014-08-16 17:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-15 19:39 - 2014-08-16 17:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-15 19:39 - 2014-08-16 17:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-15 19:39 - 2014-08-16 17:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-15 19:39 - 2014-08-16 17:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-15 19:39 - 2014-08-16 17:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-15 19:39 - 
2014-08-16 17:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-15 19:39 - 2014-08-16 15:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-15 19:39 - 2014-08-16 15:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-15 19:39 - 2014-08-16 15:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-15 19:39 - 2014-08-16 15:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-15 19:39 - 2014-08-16 15:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-15 19:39 - 2014-08-16 15:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-15 19:39 - 2014-08-16 15:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-15 19:39 - 2014-08-16 15:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-15 19:39 - 2014-08-16 15:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-15 19:39 - 2014-08-16 15:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-15 19:39 - 2014-08-16 15:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-15 19:39 - 2014-08-16 15:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-15 19:39 - 2014-03-07 08:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-15 19:39 - 2013-05-16 06:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-09-15 19:39 - 2013-05-16 06:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-09-15 19:39 - 2013-05-14 21:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-15 19:39 - 2013-05-14 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-15 19:39 - 2013-02-21 18:29 - 00109056 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-09-15 19:39 - 2013-02-21 18:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-15 19:39 - 2013-02-21 18:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-15 19:39 - 2013-02-21 18:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-15 19:39 - 2013-02-21 18:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-09-15 19:39 - 2013-02-21 18:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-15 19:39 - 2013-02-19 17:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-09-15 19:39 - 2012-11-08 12:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-15 19:39 - 2012-11-08 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-15 19:39 - 2012-07-26 11:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-15 19:38 - 2014-08-16 17:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-15 19:38 - 2014-08-16 15:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-15 19:30 - 2014-06-11 06:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-09-15 19:30 - 2014-06-11 06:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-09-13 15:11 - 2014-06-13 09:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-09-13 15:11 - 2014-06-13 09:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-09-13 15:11 - 2014-06-05 09:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2014-09-13 15:11 - 2014-06-04 07:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2014-09-13 15:10 - 2014-08-01 07:40 - 01287680 _____ 
(Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-09-13 15:10 - 2014-05-29 12:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2014-09-13 15:10 - 2014-05-08 09:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2014-09-13 15:09 - 2014-08-28 19:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-13 15:09 - 2014-08-28 14:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-09-13 15:09 - 2014-08-28 14:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-09-13 15:09 - 2014-08-28 14:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-09-13 15:09 - 2014-08-28 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-09-13 15:09 - 2014-08-28 14:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-13 15:09 - 2014-08-28 14:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-13 15:09 - 2014-08-28 14:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-13 15:09 - 2014-08-28 14:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-09-13 15:09 - 2014-08-28 14:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-09-13 15:09 - 2014-08-28 14:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-09-13 15:09 - 2014-08-28 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-13 15:09 - 2014-08-28 14:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-09-13 15:09 - 2014-08-28 14:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-09-13 15:07 - 2014-07-24 11:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2014-09-13 15:07 - 2014-07-24 11:33 - 00869544 _____ 
(Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2014-09-13 15:07 - 2014-06-20 07:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-09-13 15:07 - 2014-06-20 06:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-09-13 15:07 - 2014-06-06 01:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-09-13 15:07 - 2014-06-06 01:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-09-13 15:07 - 2014-06-06 01:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-09-13 15:07 - 2014-06-06 01:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-09-13 15:07 - 2014-06-06 01:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-09-13 15:07 - 2014-06-06 01:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-09-13 15:07 - 2014-06-05 21:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-09-13 15:07 - 2014-06-05 21:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-09-13 15:07 - 2014-06-05 21:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-09-13 15:07 - 2014-06-05 21:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-09-13 15:07 - 2014-06-05 21:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-09-13 15:06 - 2014-08-23 14:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-13 15:06 - 2014-08-09 16:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-09-13 15:06 - 2014-08-09 16:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll 2014-09-13 15:06 - 2014-07-16 07:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-13 15:06 - 2014-07-12 10:36 - 01023488 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\gdi32.dll 2014-09-11 00:06 - 2014-09-13 15:08 - 00000000 ____D () C:\iResearch 2014-09-10 23:46 - 2014-09-10 23:46 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-08 01:09 - 2014-09-08 01:09 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\iy 2014-09-03 16:57 - 2014-09-03 16:57 - 00002239 _____ () C:\Users\Public\Desktop\BlackShot Launcher.lnk 2014-09-03 16:51 - 2014-09-03 16:57 - 00001061 _____ () C:\Users\Public\Desktop\Garena Plus.lnk 2014-09-03 16:50 - 2014-09-20 00:02 - 00000000 ____D () C:\Program Files (x86)\Garena Plus 2014-09-03 16:50 - 2014-09-03 16:51 - 75320584 _____ () C:\Users\Wesley\Downloads\Garena+_Install.exe 2014-09-03 16:46 - 2014-09-03 16:47 - 02751024 _____ () C:\Users\Wesley\Downloads\Blackshot_GarenaPlus_Installer(1).exe 2014-08-31 00:34 - 2014-08-31 00:52 - 1597847024 _____ () C:\BlackShot_GarenaPlus_Install_2_212.exe 2014-08-31 00:34 - 2014-08-31 00:34 - 02751024 _____ () C:\Users\Wesley\Downloads\Blackshot_GarenaPlus_Installer.exe 2014-08-31 00:32 - 2014-08-31 00:30 - 1597847024 _____ () C:\trz97D1.tmp 2014-08-27 21:47 - 2014-08-27 21:47 - 00000000 ____D () C:\Users\Wesley\Desktop\Wesley 503 2014-08-24 21:12 - 2014-08-24 21:12 - 00031232 ___SH () C:\Users\Wesley\Documents\Thumbs.db 2014-08-22 13:19 - 2014-08-22 13:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-08-22 13:19 - 2014-08-22 13:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software 2014-08-22 13:18 - 2014-08-22 13:18 - 00002249 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-21 21:15 - 2014-09-21 21:14 - 00021044 _____ () C:\Users\Wesley\Downloads\FRST.txt 2014-09-21 21:14 - 2014-09-21 21:13 - 00000000 ____D () C:\FRST 2014-09-21 21:14 - 2013-03-10 21:11 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-29880558-42785158-1016828536-1002 2014-09-21 21:12 - 2014-09-21 21:12 - 02105856 _____ (Farbar) C:\Users\Wesley\Downloads\FRST64.exe 2014-09-21 21:11 - 2012-12-14 21:10 - 01615149 _____ () C:\Windows\WindowsUpdate.log 2014-09-21 21:11 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\sru 2014-09-21 21:11 - 2012-07-26 15:28 - 00848294 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-21 21:09 - 2014-09-17 13:33 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Wesley 2014-09-21 21:09 - 2013-09-10 13:44 - 00000000 ____D () C:\Users\Public\Fundata 2014-09-21 21:09 - 2013-03-21 00:00 - 00000294 _____ () C:\Windows\Tasks\FSPlatform.job 2014-09-21 21:09 - 2013-03-10 21:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-21 21:09 - 2013-03-10 21:04 - 00000401 _____ () C:\Users\Wesley\AppData\Roaming\sp_data.sys 2014-09-21 17:03 - 2013-03-10 21:50 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\GarenaPlus 2014-09-21 17:03 - 2013-03-10 21:50 - 00000000 ____D () C:\ProgramData\GarenaMessenger 2014-09-21 17:00 - 2013-03-24 15:38 - 00907264 ___SH () C:\Users\Wesley\Desktop\Thumbs.db 2014-09-21 16:58 - 2014-09-21 16:58 - 01097728 _____ (Farbar) C:\Users\Wesley\Downloads\FRST.exe 2014-09-21 16:58 - 2013-03-10 21:08 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-21 04:58 - 2013-03-11 17:38 - 00000000 ____D () C:\Users\Wesley\AppData\Local\CrashDumps 2014-09-21 04:46 - 2014-07-23 17:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-21 02:21 - 2012-07-26 15:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-09-21 02:20 - 2014-07-04 13:42 - 00000000 ____D () C:\Users\Public\FunAcce 2014-09-20 04:42 - 
2014-09-20 04:42 - 00000186 _____ () C:\Users\Wesley\Desktop\cc_20140920_044215.reg 2014-09-20 04:41 - 2014-09-19 14:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-20 04:35 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\migwiz 2014-09-20 04:30 - 2014-07-10 14:56 - 00317592 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-20 04:30 - 2014-05-04 13:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-20 04:30 - 2013-05-22 20:21 - 00000294 _____ () C:\Windows\Tasks\FSPlatform1.job 2014-09-20 04:30 - 2012-08-02 09:20 - 00485320 _____ () C:\Windows\PFRO.log 2014-09-20 04:30 - 2012-07-26 15:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-20 04:29 - 2014-04-25 17:53 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\CloudMedia 2014-09-20 04:29 - 2014-01-31 12:40 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar 2014-09-20 04:29 - 2012-08-02 09:36 - 00000000 ____D () C:\Windows\ASUS 2014-09-20 04:29 - 2012-07-26 16:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-09-20 00:02 - 2014-09-03 16:50 - 00000000 ____D () C:\Program Files (x86)\Garena Plus 2014-09-19 15:04 - 2014-09-19 15:04 - 00000170 _____ () C:\Users\Wesley\Desktop\cc_20140919_150419.reg 2014-09-19 15:04 - 2014-09-19 15:03 - 00008036 _____ () C:\Users\Wesley\Desktop\cc_20140919_150357.reg 2014-09-19 15:03 - 2014-09-19 15:03 - 00288968 _____ () C:\Users\Wesley\Desktop\cc_20140919_150303.reg 2014-09-19 14:32 - 2014-05-31 21:36 - 00000000 ____D () C:\ProgramData\TopApp soft 2014-09-19 14:32 - 2014-05-31 21:26 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\Systweak 2014-09-19 14:32 - 2013-03-10 21:00 - 00000000 ____D () C:\Users\Wesley 2014-09-19 14:31 - 2014-07-15 21:23 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\Funshion 2014-09-19 14:04 - 2014-09-19 14:04 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-19 14:04 - 2014-09-19 14:04 - 00000000 ____D () C:\Program 
Files\CCleaner 2014-09-19 14:03 - 2014-09-19 14:03 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-19 14:03 - 2014-09-19 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-19 14:03 - 2014-09-19 14:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-19 14:02 - 2014-09-19 14:02 - 04901352 _____ (Piriform Ltd) C:\Users\Wesley\Downloads\ccsetup417.exe 2014-09-19 14:02 - 2014-09-19 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-19 14:02 - 2014-09-19 14:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wesley\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-19 13:56 - 2014-09-19 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-19 13:56 - 2013-07-02 16:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-17 23:00 - 2014-09-17 23:00 - 00000000 ___RD () C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-09-17 14:43 - 2012-08-05 09:43 - 00000000 ____D () C:\ProgramData\McAfee 2014-09-17 14:42 - 2013-03-24 16:49 - 00000000 ____D () C:\ProgramData\Skype 2014-09-17 14:19 - 2013-03-28 17:19 - 00000000 ____D () C:\Users\Wesley\Documents\BlackshotScreenshot 2014-09-15 20:07 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-09-15 20:06 - 2012-07-26 16:12 - 00000000 ___RD () C:\Windows\ToastData 2014-09-15 19:38 - 2013-08-15 21:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-14 03:04 - 2014-06-11 18:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-09-14 03:01 - 2014-07-13 17:56 - 00000000 ____D () C:\Program Files (x86)\NetCrawl 2014-09-14 02:54 - 2014-05-31 02:12 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\Animals 2014-09-13 15:13 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-09-13 15:11 - 2013-03-10 21:08 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-13 15:08 - 2014-09-11 00:06 - 00000000 ____D () C:\iResearch 2014-09-10 23:46 - 2014-09-10 23:46 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 23:46 - 2014-07-23 17:00 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-08 01:39 - 2014-05-31 21:35 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-09-08 01:39 - 2014-05-31 21:35 - 00000000 ____D () C:\Users\Administrator 2014-09-08 01:39 - 2012-07-26 16:12 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-09-08 01:09 - 2014-09-08 01:09 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\iy 2014-09-03 16:57 - 2014-09-03 16:57 - 00002239 _____ () C:\Users\Public\Desktop\BlackShot Launcher.lnk 2014-09-03 16:57 - 2014-09-03 16:51 - 00001061 _____ () C:\Users\Public\Desktop\Garena Plus.lnk 2014-09-03 16:57 - 2013-03-10 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena 2014-09-03 16:51 - 2014-09-03 16:50 - 75320584 _____ () C:\Users\Wesley\Downloads\Garena+_Install.exe 2014-09-03 16:47 - 2014-09-03 16:46 - 02751024 _____ () C:\Users\Wesley\Downloads\Blackshot_GarenaPlus_Installer(1).exe 2014-09-03 03:32 - 2014-07-10 13:21 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-03 03:32 - 2014-07-10 13:21 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-31 00:52 - 2014-08-31 00:34 - 1597847024 _____ () C:\BlackShot_GarenaPlus_Install_2_212.exe 2014-08-31 00:34 - 2014-08-31 00:34 - 02751024 _____ () C:\Users\Wesley\Downloads\Blackshot_GarenaPlus_Installer.exe 
2014-08-31 00:30 - 2014-08-31 00:32 - 1597847024 _____ () C:\trz97D1.tmp 2014-08-29 13:01 - 2013-03-12 18:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-28 19:34 - 2014-09-13 15:09 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-28 14:05 - 2014-09-13 15:09 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-28 14:05 - 2014-09-13 15:09 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-28 14:05 - 2014-09-13 15:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-28 14:05 - 2014-09-13 15:09 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-28 14:02 - 2014-09-13 15:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-28 14:01 - 2014-09-13 15:09 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-28 14:01 - 2014-09-13 15:09 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-28 14:01 - 2014-09-13 15:09 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-28 14:01 - 2014-09-13 15:09 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-08-28 14:01 - 2014-09-13 15:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-08-28 14:01 - 2014-09-13 15:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-28 14:01 - 2014-09-13 15:09 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-28 14:01 - 2014-09-13 15:09 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-08-27 21:47 - 2014-08-27 21:47 - 00000000 ____D () C:\Users\Wesley\Desktop\Wesley 503 2014-08-24 21:12 - 2014-08-24 21:12 - 00031232 ___SH () C:\Users\Wesley\Documents\Thumbs.db 2014-08-23 14:47 - 2014-09-13 15:06 - 04036096 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys 2014-08-22 13:22 - 2013-03-10 21:04 - 00000000 ____D () C:\Users\Wesley\Documents\Bluetooth Folder 2014-08-22 13:19 - 2014-08-22 13:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-08-22 13:19 - 2014-08-22 13:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software 2014-08-22 13:18 - 2014-08-22 13:18 - 00002249 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk 2014-08-22 13:18 - 2014-03-01 23:35 - 00000401 _____ () C:\Users\Guest\AppData\Roaming\sp_data.sys Files to move or delete: ==================== C:\ProgramData\SetStretch.exe Some content of TEMP: ====================
==================== Bamital & volsnap Check ================= (There is no
automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-18 00:51

==================== End Of Log ============================

This is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Wesley at 2014-09-21 21:15:21
Running from C:\Users\Wesley\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS) ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION) EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Garena - BlackShot (HKLM-x32\...\BlackShot) (Version: 2.165 - Garena Online Pte Ltd.) Garena - League of Legends (HKLM-x32\...\LoL) (Version: - Garena Online Pte Ltd.) Garena Plus (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version: - Rockstar Games) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) 
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MapleStory (HKLM-x32\...\MapleStory) (Version: - ) Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 
2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla) 
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.12.12 (Version: 1.12.12 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) 
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Sleeping Dogs version 1.4 (HKLM-x32\...\Sleeping Dogs_is1) (Version: 1.4 - ) Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION) Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version: - Dragonfly) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC) Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Yu-Gi-Oh! Forbidden Memories (HKLM-x32\...\Yu-Gi-Oh! Forbidden Memories_is1) (Version: - PSX Emulador) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-09-2014 07:01:21 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00472DEB-E607-4D23-B4C0-182E6702AB3D} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-11] (AVAST Software) Task: {11457FDE-FDF1-4A61-A398-B2980B97C16E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {1722A097-8787-41C1-8177-3259641088F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {1C14D8BD-544A-4545-92E4-DFE33B819A1D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2ADAB7B7-8D51-4993-9511-77499FEEAC28} - System32\Tasks\gg_uac_daemon_Wesley => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] () Task: {45CA8C91-64E1-4A02-97A8-F0C3A28507B8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {596A9ED5-4B55-4926-AD67-C6F860D64A7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) Task: {60F84A75-6290-4DA2-92F8-E8A22A5AD43E} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-23] (ASUSTeK Computer Inc.) 
Task: {7113455F-C08C-4DCB-BAF2-A41725F9F27E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS) Task: {7A4BA57F-BEB1-40FB-B112-E8EA2413FB60} - System32\Tasks\FSPlatform1 => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe Task: {928BF324-D898-4EB1-8A64-B40EA02F86C4} - System32\Tasks\FSPlatform => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {BD66E86D-9DFF-46EF-BC5D-4B78E40C4A0D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {CCD5AA84-0FAC-4AA6-89F4-898C8DD11437} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-01] (AsusTek) Task: {D3ED31A9-7DBB-4379-8080-C7852C9F70EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.) Task: {D60CCC94-64B4-4E5A-A9CC-B4ACD86785B6} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-19] (ASUSTek Computer Inc.) 
Task: {D8E83BC2-C663-42B3-89CA-08E3918736B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation) Task: {E944EC81-CB9A-4974-907D-E6517D2A70BF} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-07] (ASUS) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FSPlatform.job => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe Task: C:\Windows\Tasks\FSPlatform1.job => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-14 20:52 - 2012-09-17 17:27 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-09-03 16:55 - 2013-07-10 19:54 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe 2012-08-25 09:26 - 2012-08-25 09:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-11-05 17:59 - 2012-08-24 07:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-09-20 02:01 - 2014-09-20 02:01 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091901\algo.dll 2014-09-21 03:09 - 2014-09-21 03:09 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092001\algo.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 
2012-12-14 21:02 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2013-02-07 17:11 - 2013-08-23 17:10 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll 2012-09-12 06:01 - 2012-09-12 06:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2012-12-14 20:52 - 2012-09-17 17:27 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2014-06-11 18:37 - 2014-06-11 18:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-09-19 13:56 - 2014-09-19 13:56 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-02-28 11:32 - 2014-02-28 11:32 - 00174368 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe 2014-02-28 11:33 - 2014-02-28 11:33 - 00041248 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32api.pyd 2014-02-28 11:32 - 2014-02-28 11:32 - 00059680 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pywintypes27.dll 2014-02-28 11:32 - 2014-02-28 11:32 - 00119072 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pythoncom27.dll 2014-02-28 11:33 - 2014-02-28 11:33 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_multiprocessing.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00025376 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32service.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00022816 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\servicemanager.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00018208 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32event.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00027424 _____ 
() C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_socket.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00277280 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ssl.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00113952 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_hashlib.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00016672 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\select.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00040736 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ctypes.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32process.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32ts.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00018720 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32profile.pyd 2014-02-28 11:33 - 2014-02-28 11:33 - 00042784 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32security.pyd ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run: => "BtTray" HKLM\...\StartupApproved\Run: => "BtvStack" HKLM\...\StartupApproved\Run32: => "Funshion" HKCU\...\StartupApproved\Run: => "Funshion" HKCU\...\StartupApproved\Run: => "Skype" HKCU\...\StartupApproved\Run: => "Steam" HKCU\...\StartupApproved\Run: => "iCloudServices" ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/21/2014 04:58:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: League of Legends.exe, version: 4.16.0.253, time stamp: 0x54137361 Faulting module name: League of Legends.exe, version: 4.16.0.253, time stamp: 0x54137361 Exception code: 0xc0000409 Fault offset: 0x00880bda Faulting process id: 0x1814 Faulting application start time: 0xLeague of Legends.exe0 Faulting application path: League of Legends.exe1 Faulting module path: League of Legends.exe2 Report Id: League of Legends.exe3 Faulting package full name: League of Legends.exe4 Faulting package-relative application ID: League of Legends.exe5 Error: (09/19/2014 03:01:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64. 
System Error: The system cannot find the file specified. . Error: (09/18/2014 02:38:04 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (09/18/2014 00:52:32 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. 
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (09/17/2014 11:59:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9200.16579, time stamp: 0x51636a5d Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8 Exception code: 0xc0000409 Fault offset: 0x000000000000a3b2 Faulting process id: 0x1c8c Faulting application start time: 0xSearchProtocolHost.exe0 Faulting application path: SearchProtocolHost.exe1 Faulting module path: SearchProtocolHost.exe2 Report Id: SearchProtocolHost.exe3 Faulting package full name: SearchProtocolHost.exe4 Faulting package-relative application ID: SearchProtocolHost.exe5 Error: (09/17/2014 02:38:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: lpksetup.exe, version: 6.2.9200.16420, time stamp: 0x505aa4b0 Faulting module name: SHELL32.dll, version: 6.2.9200.16882, time stamp: 0x5334f23b Exception code: 0xc0000409 Fault offset: 0x00000000002a11a3 Faulting process id: 0x714 Faulting application start time: 0xlpksetup.exe0 Faulting application path: lpksetup.exe1 Faulting module path: lpksetup.exe2 Report Id: lpksetup.exe3 Faulting package full name: lpksetup.exe4 Faulting package-relative application ID: lpksetup.exe5 Error: (09/17/2014 02:38:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AsusTPCenter.exe, version: 1.0.0.43, time stamp: 0x50879199 Faulting module name: npggNT64.des_unloaded, version: 0.0.0.0, time stamp: 0x51de6c0e Exception code: 0xc0000005 Fault offset: 0x00000000458b0733 Faulting process id: 0x1d50 Faulting application start time: 0xAsusTPCenter.exe0 Faulting application path: AsusTPCenter.exe1 Faulting module path: AsusTPCenter.exe2 Report Id: AsusTPCenter.exe3 Faulting package full name: 
AsusTPCenter.exe4 Faulting package-relative application ID: AsusTPCenter.exe5 Error: (09/17/2014 02:38:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AsusTPLoader.exe, version: 1.0.13.0, time stamp: 0x5087952f Faulting module name: npggNT64.des_unloaded, version: 0.0.0.0, time stamp: 0x51de6c0e Exception code: 0xc0000005 Fault offset: 0x00000000458b0733 Faulting process id: 0x197c Faulting application start time: 0xAsusTPLoader.exe0 Faulting application path: AsusTPLoader.exe1 Faulting module path: AsusTPLoader.exe2 Report Id: AsusTPLoader.exe3 Faulting package full name: AsusTPLoader.exe4 Faulting package-relative application ID: AsusTPLoader.exe5 Error: (09/17/2014 02:30:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AsusTPHelper.exe, version: 1.0.11.0, time stamp: 0x50796d2e Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8 Exception code: 0xc0000409 Fault offset: 0x000000000000a3b2 Faulting process id: 0x21d8 Faulting application start time: 0xAsusTPHelper.exe0 Faulting application path: AsusTPHelper.exe1 Faulting module path: AsusTPHelper.exe2 Report Id: AsusTPHelper.exe3 Faulting package full name: AsusTPHelper.exe4 Faulting package-relative application ID: AsusTPHelper.exe5 Error: (09/17/2014 02:17:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9200.16579, time stamp: 0x51636a5d Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8 Exception code: 0xc0000409 Fault offset: 0x000000000000a3b2 Faulting process id: 0x1abc Faulting application start time: 0xSearchProtocolHost.exe0 Faulting application path: SearchProtocolHost.exe1 Faulting module path: SearchProtocolHost.exe2 Report Id: SearchProtocolHost.exe3 Faulting package full name: SearchProtocolHost.exe4 Faulting package-relative application ID: 
SearchProtocolHost.exe5 System errors: ============= Error: (09/21/2014 09:09:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (09/21/2014 04:55:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (09/21/2014 03:22:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (09/21/2014 03:09:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (09/21/2014 02:21:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (09/20/2014 04:39:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s). Error: (09/20/2014 04:38:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (09/20/2014 04:32:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (09/20/2014 04:32:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error: (09/20/2014 04:32:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The avast! HardwareID service failed to start due to the following error: %%127 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel® Core i5-3230M CPU @ 2.60GHz Percentage of memory in use: 15% Total physical RAM: 12165.52 MB Available physical RAM: 10279.57 MB Total Pagefile: 13893.52 MB Available Pagefile: 11826.14 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:50.05 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:179.96 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: F306CAF5) Partition: GPT Partition Type. ==================== End Of Log ============================
  6. Hi Kevin.. I tried to download the Farbar Recovery Scan Tool, however this is what my computer showed me. Sorry, I'm really not an expert when it comes to computers. Please be patient with me and guide me step by step! Thank you!!
  7. Hi guys, I know that both the Fundata and Funacce folders are from funshion. But I have uninstalled funshion, however these 2 folders still remain. I tried to delete them but it always says that it is being run by another programme. Can anyone help me to remove these 2 folders?