Laptop problems, can't run Malwarebytes - please help!


My laptop has been acting strange for the past year, performing disk scans whenever it is reset/turned on. A few weeks ago I downloaded Malwarebytes and ran a scan - it made my computer much better! But over the weekend while I was away and not using my laptop, I came back and Malwarebytes had been uninstalled and I wasn't able to install it properly or run the program (whenever I install it, it gives me errors here and there). I tried running Malwarebytes with the Chameleon also but every single one failed.

Also I had a blue screen earlier, but it went by so fast I wasn't able to make out what it was of.

I ran FRST.exe and attached the two logs that it gave me.

Any help would be appreciated, thanks so much!!

FRST.txt

Addition.txt


  • 5 weeks later...
  • Root Admin

Very sorry for the delay. We've simply been overrun with requests for help and have not been able to get to everyone requesting help in a timely manner.

Now that we're finally getting our head a bit above water again I've been going back to review old missed requests. If you do still need help please let me know.

Thank you


  • Root Admin

Okay then, Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 6/26/2014 10:26:07 AM, SYSTEM, LAVENDER-PC, Protection, Malware Protection, Starting,
Protection, 6/26/2014 10:26:07 AM, SYSTEM, LAVENDER-PC, Protection, Malware Protection, Started,
Protection, 6/26/2014 10:26:07 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/26/2014 10:26:07 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Started,
Update, 6/26/2014 10:26:12 AM, SYSTEM, LAVENDER-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.6.23.2,
Update, 6/26/2014 10:26:44 AM, SYSTEM, LAVENDER-PC, Manual, Malware Database, 2014.3.4.9, 2014.6.26.5,
Protection, 6/26/2014 10:26:52 AM, SYSTEM, LAVENDER-PC, Protection, Refresh, Starting,
Protection, 6/26/2014 10:26:52 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 6/26/2014 10:26:52 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 6/26/2014 10:26:55 AM, SYSTEM, LAVENDER-PC, Protection, Refresh, Success,
Protection, 6/26/2014 10:26:55 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Starting,
Protection, 6/26/2014 10:26:55 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Started,

(end)

 

 

 

 

RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lavender [Admin rights]
Mode : Scan -- Date : 06/26/2014  11:04:05

¤¤¤ Bad processes : 1 ¤¤¤
[Hidden]  -- [x] -> KILLED [TermThr]

¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] \\VisualBeeRecovery -- C:\Users\Lavender\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe (/s) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 17 ¤¤¤
[EAT:Addr] (explorer.exe) SensApi.dll - NSPStartup : C:\Windows\system32\wshbth.dll @ 0x7fefb9a4cb8
[EAT:Addr] (explorer.exe) SensApi.dll - WSHAddressToString : C:\Windows\system32\wshbth.dll @ 0x7fefb9a37c8
[EAT:Addr] (explorer.exe) SensApi.dll - WSHEnumProtocols : C:\Windows\system32\wshbth.dll @ 0x7fefb9a2f40
[EAT:Addr] (explorer.exe) SensApi.dll - WSHGetBroadcastSockaddr : C:\Windows\system32\wshbth.dll @ 0x7fefb9a31cc
[EAT:Addr] (explorer.exe) SensApi.dll - WSHGetProviderGuid : C:\Windows\system32\wshbth.dll @ 0x7fefb9a3110
[EAT:Addr] (explorer.exe) SensApi.dll - WSHGetSockaddrType : C:\Windows\system32\wshbth.dll @ 0x7fefb9a303c
[EAT:Addr] (explorer.exe) SensApi.dll - WSHGetSocketInformation : C:\Windows\system32\wshbth.dll @ 0x7fefb9a34f4
[EAT:Addr] (explorer.exe) SensApi.dll - WSHGetWSAProtocolInfo : C:\Windows\system32\wshbth.dll @ 0x7fefb9a3078
[EAT:Addr] (explorer.exe) SensApi.dll - WSHGetWildcardSockaddr : C:\Windows\system32\wshbth.dll @ 0x7fefb9a3194
[EAT:Addr] (explorer.exe) SensApi.dll - WSHGetWinsockMapping : C:\Windows\system32\wshbth.dll @ 0x7fefb9a3208
[EAT:Addr] (explorer.exe) SensApi.dll - WSHIoctl : C:\Windows\system32\wshbth.dll @ 0x7fefb9a3298
[EAT:Addr] (explorer.exe) SensApi.dll - WSHJoinLeaf : C:\Windows\system32\wshbth.dll @ 0x7fefb9a3a88
[EAT:Addr] (explorer.exe) SensApi.dll - WSHNotify : C:\Windows\system32\wshbth.dll @ 0x7fefb9a3a94
[EAT:Addr] (explorer.exe) SensApi.dll - WSHOpenSocket : C:\Windows\system32\wshbth.dll @ 0x7fefb9a3b80
[EAT:Addr] (explorer.exe) SensApi.dll - WSHOpenSocket2 : C:\Windows\system32\wshbth.dll @ 0x7fefb9a3bb8
[EAT:Addr] (explorer.exe) SensApi.dll - WSHSetSocketInformation : C:\Windows\system32\wshbth.dll @ 0x7fefb9a362c
[EAT:Addr] (explorer.exe) SensApi.dll - WSHStringToAddress : C:\Windows\system32\wshbth.dll @ 0x7fefb9a38d0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 132408b2b25a3db063cd1ae8cd1c941b
[bSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06262014_105652.log


  • Root Admin

Please restart the computer and then run the following.

 

 

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lavender on Fri 06/27/2014 at 14:00:58.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-575857903-1907476137-2626480361-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\vid-saver_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\vid-saver_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\SearchProtect
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3309350
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_opencanvas_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_opencanvas_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\VisualBeeClientSilent-softonic_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\VisualBeeClientSilent-softonic_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_opencanvas_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_opencanvas_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\VisualBeeClientSilent-softonic_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\VisualBeeClientSilent-softonic_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BC44D76F-696E-43AC-A6DF-7730D15D7D8F}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\Lavender\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Lavender\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "\searchprotect"
Successfully deleted: [Folder] "C:\Users\Lavender\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Lavender\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"



~~~ FireFox

Successfully deleted: [File] C:\Users\Lavender\AppData\Roaming\mozilla\firefox\profiles\fsrmvid3.default\user.js
Successfully deleted the following from C:\Users\Lavender\AppData\Roaming\mozilla\firefox\profiles\fsrmvid3.default\prefs.js

user_pref("CT3309350.smartbar.homepage", "true");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN40063272742524767&UM=2&UP=SPC382FEC2-85E9-4DED-B023
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultthis.engineName", "BrowserPlus2 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&CUI=UN40063272742524767&UM=2&SearchSource=3&q={searchTerms}");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:newtab");
user_pref("extensions.crossrider.bic", "13a769879ffbfca3743ece406f89c70a");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN40063272742524767&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3309350");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309350&CUI=UN40063272742524767&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3309350&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN40063272742524767&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3309350");
user_pref("smartbar.homePageOwnerCTID", "CT3309350");
user_pref("smartbar.machineId", "G/7CZJB5FJIZ2ANGGIFYULZ1BOYLTD+PKXEBBVKII0+M7Z+RGYHX/UO1GQYRF7GAYGHZAY4KWQNPY0JQ3PWOWG");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3309350&CUI=UN40063272742524767&UM=2&SearchSource=13");
Emptied folder: C:\Users\Lavender\AppData\Roaming\mozilla\firefox\profiles\fsrmvid3.default\minidumps [138 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\odpccdgkmiicgocepijnaeihjnjnomca



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/27/2014 at 14:34:02.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




# AdwCleaner v3.213 - Report created 27/06/2014 at 14:43:00
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lavender - LAVENDER-PC
# Running from : C:\Users\Lavender\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Lavender\AppData\Local\Conduit
Folder Deleted : C:\Users\Lavender\AppData\Local\DefineExt
Folder Deleted : C:\Users\Lavender\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\Lavender\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\CT3309350
Folder Deleted : C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Windows\System32\Tasks\VisualBeeRecovery

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Tbccint_HKLM

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page Before]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\prefs.js ]

Line Deleted : user_pref("CT3309350.FF19Solved", "true");
Line Deleted : user_pref("CT3309350.UserID", "UN40063272742524767");
Line Deleted : user_pref("CT3309350.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3309350.fullUserID", "UN40063272742524767.IN.20130831232319");
Line Deleted : user_pref("CT3309350.installDate", "31/08/2013 23:23:22");
Line Deleted : user_pref("CT3309350.installSessionId", "{8C081B02-EB43-4B85-9252-CE316A84C3CD}");
Line Deleted : user_pref("CT3309350.installSp", "TRUE");
Line Deleted : user_pref("CT3309350.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3309350.keyword", "true");
Line Deleted : user_pref("CT3309350.originalHomepage", "hxxp://sugarstars.net/");
Line Deleted : user_pref("CT3309350.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3309350.originalSearchEngine", "");
Line Deleted : user_pref("CT3309350.originalSearchEngineName", "");
Line Deleted : user_pref("CT3309350.searchRevert", "false");
Line Deleted : user_pref("CT3309350.searchUserMode", "2");
Line Deleted : user_pref("CT3309350.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3309350.xpeMode", "0");
Line Deleted : user_pref("extensions.LinkSwift.aul", "1385252861617");
Line Deleted : user_pref("extensions.LinkSwift.irl", true);
Line Deleted : user_pref("extensions.LinkSwift.is", "trlsus");
Line Deleted : user_pref("extensions.LinkSwift.ug", "DA8632F8-B6D5-4671-83D7-20BCDA84F94C");
Line Deleted : user_pref("extensions.claro.admin", false);
Line Deleted : user_pref("extensions.claro.aflt", "babsst");
Line Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Deleted : user_pref("extensions.claro.dfltLng", "en");
Line Deleted : user_pref("extensions.claro.excTlbr", false);
Line Deleted : user_pref("extensions.claro.id", "008edbb000000000000078929c8b95d3");
Line Deleted : user_pref("extensions.claro.instlDay", "15632");
Line Deleted : user_pref("extensions.claro.instlRef", "sst");
Line Deleted : user_pref("extensions.claro.prdct", "claro");
Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Line Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:27:00");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5262 octets] - [27/06/2014 14:38:19]
AdwCleaner[s0].txt - [5137 octets] - [27/06/2014 14:43:00]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5197 octets] ##########

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/27/2014
Scan Time: 2:58:24 PM
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.27.08
Rootkit Database: v2014.06.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lavender

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315326
Time Elapsed: 26 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
RiskWare.Tool.CK, C:\$Recycle.Bin\S-1-5-21-575857903-1907476137-2626480361-1001\$RRZZL2T.Keygen-MESMERiZE\m-sp8001.zip, Quarantined, [26c40378cdae8bab5b9f0fda738ee51b],

Physical Sectors: 0
(No malicious items detected)


(end)

 

C:\$Recycle.Bin\S-1-5-21-575857903-1907476137-2626480361-1001\$R0BCPAP.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-575857903-1907476137-2626480361-1001\$RIMCK9H\worked keygen by CORE for 5.14e\core-key.exe    a variant of Win32/Keygen.CX potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\ctypes\FirefoxCtype.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\Plugins\npFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0A9SJK1\APISupport[1].dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCIUV6L9\MiniSP[1].dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMGS54HF\APISupport[1].dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMGS54HF\MiniSP[1].dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBFMYEAZ\TBUpdaterLogic[1].dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P4PLSIA3\TBUpdaterLogic[1].dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\APISupport.dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\APISupport.old    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\APISupport_2.1.0.8\ApiSupport.dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\APISupport_2.2.0.9\ApiSupport.dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\MiniSP_1.0.2.107\MiniSP.dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Lavender\AppData\Local\Temp\BrowserPlus2\nskD419.tbBro0.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Lavender\AppData\Local\Temp\BrowserPlus2\tbBro0.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Lavender\Downloads\HC2Setup.exe    Win32/Somoto.F potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\TBVerifier.dll    Win32/Toolbar.Conduit.AC potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\APISupport\APISupport.dll    Win32/Conduit.SearchProtect potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\plugins\ChromeApiPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\TBVerifier.dll    Win32/Toolbar.Conduit.AC potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\APISupport\APISupport.dll    Win32/Conduit.SearchProtect potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\plugins\ChromeApiPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2014
Ran by Lavender (administrator) on LAVENDER-PC on 27-06-2014 17:22:10
Running from C:\Users\Lavender\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\WinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Farbar) C:\Users\Lavender\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [synAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [98088 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [sonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104088 2012-08-15] (VMware, Inc.)
HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601976 2013-02-15] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-20] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\Run: [Facebook Update] => C:\Users\Lavender\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-07] (Facebook Inc.)
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\MountPoints2: {033cc77f-529f-11e2-932a-c860003cb0a3} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\MountPoints2: {969e42ea-3cea-11e2-aed5-c860003cb0a3} - F:\LaunchU3.exe -a
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\MountPoints2: {d5701999-5b3a-11e2-9981-c860003cb0a3} - F:\LaunchU3.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()
Startup: C:\Users\Lavender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default
FF Homepage: hxxp://google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Lavender\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: deviantAnywhere - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\deviantAnywhere@cvds.ro.xpi [2013-11-22]
FF Extension: Larry filter for Twitter - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\larry@larryfilter.com.xpi [2013-02-02]
FF Extension: Scriptish - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\scriptish@erikvold.com.xpi [2013-03-08]
FF Extension: FireFTP - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-10-22]
FF Extension: Adblock Plus - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-11]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-10-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-20]

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR StartupUrls: "https://chrome.google.com/webstore/category/themes?hl=en",
            "https://support.google.com/chrome/answer/95426"
CHR DefaultSearchKeyword: google.com.pe
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-04]
CHR Extension: (Google Search) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-18]
CHR Extension: (Google Wallet) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (Gmail) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-01]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Lavender\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Lavender\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-27]

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-20] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-15] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-15] (BlueStack Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [180224 2007-03-29] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15680000 2012-08-15] () [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-20] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-15] (BlueStack Systems)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [243200 2007-02-12] (Realtek Semiconductor Corporation                           )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-27 17:10 - 2014-06-27 17:09 - 02083328 _____ (Farbar) C:\Users\Lavender\Desktop\FRST64(1).exe
2014-06-27 17:09 - 2014-06-27 17:09 - 02083328 _____ (Farbar) C:\Users\Lavender\Downloads\FRST64(1).exe
2014-06-27 15:29 - 2014-06-27 15:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-27 15:28 - 2014-06-27 15:28 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu.exe
2014-06-27 14:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-27 14:38 - 2014-06-27 14:43 - 00000000 ____D () C:\AdwCleaner
2014-06-27 14:37 - 2014-06-27 14:37 - 01342659 _____ () C:\Users\Lavender\Downloads\AdwCleaner.exe
2014-06-27 14:37 - 2014-06-27 14:37 - 01342659 _____ () C:\Users\Lavender\Desktop\AdwCleaner.exe
2014-06-27 14:34 - 2014-06-27 14:55 - 00019286 _____ () C:\Users\Lavender\Desktop\JRT.txt
2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-06-27 13:39 - 2014-06-27 13:39 - 01016261 _____ (Thisisu) C:\Users\Lavender\Downloads\JRT.exe
2014-06-27 13:39 - 2014-06-27 13:39 - 01016261 _____ (Thisisu) C:\Users\Lavender\Desktop\JRT.exe
2014-06-26 10:49 - 2014-06-26 10:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-26 10:49 - 2014-06-26 10:48 - 05283416 _____ () C:\Users\Lavender\Desktop\RogueKillerX64.exe
2014-06-26 10:48 - 2014-06-26 10:48 - 05283416 _____ () C:\Users\Lavender\Downloads\RogueKillerX64.exe
2014-06-26 10:26 - 2014-06-27 14:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 10:25 - 2014-06-26 10:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 10:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 10:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 10:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-26 10:12 - 2014-06-26 10:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lavender\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-26 10:10 - 2014-06-26 10:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lavender\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-26 09:40 - 2014-06-26 09:40 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Lavender\Downloads\mbam-clean-2.0.2.0.exe
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\Windows\ERDNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\Lavender\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\Lavender\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-26 09:21 - 2014-06-26 09:21 - 00791393 _____ (Lars Hederer ) C:\Users\Lavender\Downloads\erunt-setup.exe
2014-06-26 09:19 - 2014-06-26 10:15 - 00002454 _____ () C:\Users\Lavender\Desktop\Rkill.txt
2014-06-26 09:19 - 2014-06-26 09:18 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Lavender\Desktop\rkill.exe
2014-06-26 09:19 - 2014-06-26 09:18 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Lavender\Desktop\iExplore.exe
2014-06-26 09:18 - 2014-06-26 09:18 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Lavender\Downloads\rkill.exe
2014-06-26 09:18 - 2014-06-26 09:18 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Lavender\Downloads\iExplore.exe
2014-06-26 05:37 - 2014-06-26 05:37 - 30008226 _____ () C:\Users\Lavender\Desktop\Chess_Piece_Brushes_by_punkdoutkittn.abr
2014-06-26 01:18 - 2014-06-26 01:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-06-23 20:14 - 2014-06-25 13:19 - 11503946 _____ () C:\Users\Lavender\Desktop\dannphil.psd
2014-06-23 16:46 - 2014-06-24 13:08 - 46628583 _____ () C:\Users\Lavender\Desktop\sostrong.psd
2014-06-23 13:38 - 2014-06-26 06:02 - 90604024 _____ () C:\Users\Lavender\Desktop\nuuuuh.psd
2014-06-23 12:29 - 2014-06-23 12:29 - 00019728 ____N () C:\bootsqm.dat
2014-06-16 14:35 - 2014-06-25 16:33 - 58683539 _____ () C:\Users\Lavender\Desktop\menu.psd
2014-06-16 14:33 - 2014-06-16 14:33 - 00137377 _____ () C:\Users\Lavender\Desktop\Untitled-1.psd
2014-06-13 16:12 - 2014-06-13 17:00 - 00974848 _____ () C:\Users\Lavender\Desktop\original.sai
2014-06-12 23:40 - 2014-06-13 12:10 - 01949696 _____ () C:\Users\Lavender\Desktop\New canvas.sai
2014-06-10 14:24 - 2014-06-10 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:37 - 2014-06-10 13:37 - 34367392 _____ () C:\Users\Lavender\Downloads\WacomTablet_634-3(1).exe
2014-06-10 13:36 - 2014-06-10 13:37 - 39544032 _____ () C:\Users\Lavender\Downloads\WacomTablet_6.3.8-4.exe
2014-06-10 13:30 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 13:30 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 13:30 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 13:30 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 13:30 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 13:30 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 13:30 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 13:30 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 13:30 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 13:30 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 13:30 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 13:30 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 13:30 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 13:30 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 13:30 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 13:30 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 13:30 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 13:30 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 13:30 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 13:30 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 13:30 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 13:30 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 13:30 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 13:30 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 13:30 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 13:30 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 13:30 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 13:30 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 13:30 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 13:30 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 13:30 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 13:30 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 13:30 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 13:30 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 13:30 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 13:30 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 13:30 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 13:30 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 13:30 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 13:30 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 13:30 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 13:30 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 13:30 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 13:30 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 13:30 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 13:30 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 13:30 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 13:30 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 13:30 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 13:30 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 13:30 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 13:30 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 13:30 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 13:30 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 13:30 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 13:30 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 13:30 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 13:30 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 13:30 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 13:30 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 13:30 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 13:29 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 13:29 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 13:29 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 13:17 - 2014-06-10 13:38 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\WTablet
2014-06-01 11:37 - 2014-06-01 13:48 - 05632929 _____ () C:\Users\Lavender\Desktop\kuroko.psd
2014-05-29 12:59 - 2014-05-29 13:00 - 00798657 _____ () C:\Users\Lavender\Downloads\john_silva_smudge_pack_2_0__painterly_edition__by_johnsilva-d7k68im.abr
2014-05-28 21:50 - 2014-06-10 17:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-28 21:50 - 2014-06-10 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-28 21:50 - 2014-05-28 21:50 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-28 21:48 - 2014-05-28 21:48 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Lavender\Downloads\SkypeSetup(1).exe

==================== One Month Modified Files and Folders =======

2014-06-27 17:22 - 2014-05-19 10:36 - 00026084 _____ () C:\Users\Lavender\Desktop\FRST.txt
2014-06-27 17:22 - 2014-05-19 10:31 - 00000000 ____D () C:\FRST
2014-06-27 17:10 - 2012-10-18 21:41 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-27 17:09 - 2014-06-27 17:10 - 02083328 _____ (Farbar) C:\Users\Lavender\Desktop\FRST64(1).exe
2014-06-27 17:09 - 2014-06-27 17:09 - 02083328 _____ (Farbar) C:\Users\Lavender\Downloads\FRST64(1).exe
2014-06-27 16:51 - 2012-10-11 23:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-27 16:26 - 2013-03-07 17:21 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001UA.job
2014-06-27 16:26 - 2013-03-07 17:21 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001Core.job
2014-06-27 16:12 - 2012-03-14 14:51 - 01324180 _____ () C:\Windows\WindowsUpdate.log
2014-06-27 15:29 - 2014-06-27 15:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-27 15:28 - 2014-06-27 15:28 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu.exe
2014-06-27 15:01 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-27 15:01 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-27 14:55 - 2014-06-27 14:34 - 00019286 _____ () C:\Users\Lavender\Desktop\JRT.txt
2014-06-27 14:55 - 2014-06-26 10:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 14:55 - 2012-10-12 12:00 - 00000387 _____ () C:\Users\Lavender\AppData\Roaming\sp_data.sys
2014-06-27 14:53 - 2013-01-22 21:49 - 00000000 ____D () C:\ProgramData\VMware
2014-06-27 14:53 - 2012-12-31 18:53 - 00000000 ____D () C:\Temp
2014-06-27 14:53 - 2012-10-18 21:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-27 14:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-27 14:52 - 2014-01-28 17:10 - 00445008 _____ () C:\Windows\PFRO.log
2014-06-27 14:52 - 2013-11-24 23:11 - 00013836 _____ () C:\Windows\setupact.log
2014-06-27 14:43 - 2014-06-27 14:38 - 00000000 ____D () C:\AdwCleaner
2014-06-27 14:37 - 2014-06-27 14:37 - 01342659 _____ () C:\Users\Lavender\Downloads\AdwCleaner.exe
2014-06-27 14:37 - 2014-06-27 14:37 - 01342659 _____ () C:\Users\Lavender\Desktop\AdwCleaner.exe
2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-06-27 14:00 - 2009-07-14 01:13 - 00803304 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 13:51 - 2013-11-20 20:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-27 13:40 - 2012-12-13 04:44 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\SoftGrid Client
2014-06-27 13:39 - 2014-06-27 13:39 - 01016261 _____ (Thisisu) C:\Users\Lavender\Downloads\JRT.exe
2014-06-27 13:39 - 2014-06-27 13:39 - 01016261 _____ (Thisisu) C:\Users\Lavender\Desktop\JRT.exe
2014-06-26 10:49 - 2014-06-26 10:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-26 10:48 - 2014-06-26 10:49 - 05283416 _____ () C:\Users\Lavender\Desktop\RogueKillerX64.exe
2014-06-26 10:48 - 2014-06-26 10:48 - 05283416 _____ () C:\Users\Lavender\Downloads\RogueKillerX64.exe
2014-06-26 10:25 - 2014-06-26 10:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 10:15 - 2014-06-26 09:19 - 00002454 _____ () C:\Users\Lavender\Desktop\Rkill.txt
2014-06-26 10:10 - 2014-06-26 10:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lavender\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-26 10:10 - 2014-06-26 10:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lavender\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-26 09:40 - 2014-06-26 09:40 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Lavender\Downloads\mbam-clean-2.0.2.0.exe
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\Windows\ERDNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\Lavender\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\Lavender\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-26 09:21 - 2014-06-26 09:21 - 00791393 _____ (Lars Hederer ) C:\Users\Lavender\Downloads\erunt-setup.exe
2014-06-26 09:18 - 2014-06-26 09:19 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Lavender\Desktop\rkill.exe
2014-06-26 09:18 - 2014-06-26 09:19 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Lavender\Desktop\iExplore.exe
2014-06-26 09:18 - 2014-06-26 09:18 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Lavender\Downloads\rkill.exe
2014-06-26 09:18 - 2014-06-26 09:18 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Lavender\Downloads\iExplore.exe
2014-06-26 06:07 - 2014-05-02 15:47 - 00000000 ____D () C:\Users\Lavender\Desktop\Prints
2014-06-26 06:02 - 2014-06-23 13:38 - 90604024 _____ () C:\Users\Lavender\Desktop\nuuuuh.psd
2014-06-26 05:37 - 2014-06-26 05:37 - 30008226 _____ () C:\Users\Lavender\Desktop\Chess_Piece_Brushes_by_punkdoutkittn.abr
2014-06-26 01:18 - 2014-06-26 01:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-06-26 01:17 - 2012-11-07 04:09 - 00000000 ____D () C:\Program Files\Tablet
2014-06-25 16:35 - 2014-04-28 08:12 - 00000000 ____D () C:\Users\Lavender\Desktop\newprints
2014-06-25 16:33 - 2014-06-16 14:35 - 58683539 _____ () C:\Users\Lavender\Desktop\menu.psd
2014-06-25 13:19 - 2014-06-23 20:14 - 11503946 _____ () C:\Users\Lavender\Desktop\dannphil.psd
2014-06-24 15:27 - 2014-04-19 14:10 - 00000000 ____D () C:\Users\Lavender\Desktop\colos
2014-06-24 13:08 - 2014-06-23 16:46 - 46628583 _____ () C:\Users\Lavender\Desktop\sostrong.psd
2014-06-23 12:30 - 2012-10-11 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-23 12:29 - 2014-06-23 12:29 - 00019728 ____N () C:\bootsqm.dat
2014-06-23 10:15 - 2012-10-14 21:12 - 00000000 ____D () C:\Users\Lavender\Desktop\kurot
2014-06-18 16:00 - 2012-11-14 02:55 - 00000132 _____ () C:\Users\Lavender\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-06-17 15:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 05:05 - 2012-10-18 21:41 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 05:05 - 2012-10-18 21:41 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-16 14:33 - 2014-06-16 14:33 - 00137377 _____ () C:\Users\Lavender\Desktop\Untitled-1.psd
2014-06-13 17:00 - 2014-06-13 16:12 - 00974848 _____ () C:\Users\Lavender\Desktop\original.sai
2014-06-13 12:10 - 2014-06-12 23:40 - 01949696 _____ () C:\Users\Lavender\Desktop\New canvas.sai
2014-06-12 09:52 - 2014-04-14 02:11 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 07:20 - 2014-05-07 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 17:05 - 2014-05-28 21:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-10 17:05 - 2014-05-28 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-10 17:05 - 2014-04-14 14:31 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-06-10 17:05 - 2014-04-14 14:31 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-06-10 17:05 - 2013-08-31 23:29 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\vlc
2014-06-10 17:05 - 2012-10-18 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-10 17:05 - 2012-10-18 11:09 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\Skype
2014-06-10 17:05 - 2012-10-18 11:09 - 00000000 ____D () C:\ProgramData\Skype
2014-06-10 17:05 - 2012-10-12 11:51 - 00000000 ____D () C:\ProgramData\P4G
2014-06-10 17:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-06-10 17:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-10 14:24 - 2014-06-10 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:38 - 2014-06-10 13:17 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\WTablet
2014-06-10 13:37 - 2014-06-10 13:37 - 34367392 _____ () C:\Users\Lavender\Downloads\WacomTablet_634-3(1).exe
2014-06-10 13:37 - 2014-06-10 13:36 - 39544032 _____ () C:\Users\Lavender\Downloads\WacomTablet_6.3.8-4.exe
2014-06-10 13:19 - 2013-11-20 20:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-10 13:14 - 2012-10-11 13:39 - 00000000 ____D () C:\Users\Lavender
2014-06-10 12:51 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-08 05:13 - 2014-06-10 13:29 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-10 13:29 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-01 13:48 - 2014-06-01 11:37 - 05632929 _____ () C:\Users\Lavender\Desktop\kuroko.psd
2014-05-30 06:21 - 2014-06-10 13:29 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-10 13:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-10 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-10 13:30 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-10 13:30 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-10 13:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-10 13:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-10 13:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-10 13:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-10 13:30 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-10 13:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:21 - 2014-06-10 13:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:20 - 2014-06-10 13:30 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-10 13:30 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-10 13:30 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-10 13:30 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-10 13:30 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-10 13:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-10 13:30 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-10 13:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-10 13:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-10 13:30 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-10 13:30 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-10 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-10 13:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-10 13:30 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-10 13:30 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-10 13:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-10 13:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-10 13:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-10 13:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-10 13:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-10 13:30 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-10 13:30 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-10 13:30 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-10 13:30 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-10 13:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-10 13:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-10 13:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-10 13:30 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-10 13:30 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-10 13:30 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-10 13:30 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-10 13:30 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-10 13:30 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-10 13:30 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-10 13:30 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-10 13:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-10 13:30 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-10 13:30 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-10 13:30 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-10 13:30 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 13:00 - 2014-05-29 12:59 - 00798657 _____ () C:\Users\Lavender\Downloads\john_silva_smudge_pack_2_0__painterly_edition__by_johnsilva-d7k68im.abr
2014-05-28 21:50 - 2014-05-28 21:50 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-28 21:48 - 2014-05-28 21:48 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Lavender\Downloads\SkypeSetup(1).exe

Some content of TEMP:
====================
C:\Users\Lavender\AppData\Local\Temp\Quarantine.exe
C:\Users\Lavender\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Lavender\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 19:19

==================== End Of Log ============================

 

 

 

The last step was the step I did first before everything, right? Only that time it made the Addition.txt log; this time it didn't make a new one or update it, so I'll attach the old Addition log.

Addition.txt


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lavender on Tue 07/01/2014 at  1:42:31.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Lavender\AppData\Roaming\mozilla\firefox\profiles\fsrmvid3.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/01/2014 at  2:28:31.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.214 - Report created 01/07/2014 at 02:43:41
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lavender - LAVENDER-PC
# Running from : C:\Users\Lavender\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lavender\Documents\Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5262 octets] - [27/06/2014 14:38:19]
AdwCleaner[R1].txt - [1089 octets] - [01/07/2014 02:41:12]
AdwCleaner[s0].txt - [5285 octets] - [27/06/2014 14:43:00]
AdwCleaner[s1].txt - [1013 octets] - [01/07/2014 02:43:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1073 octets] ##########

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/1/2014 1:50:51 AM, SYSTEM, LAVENDER-PC, Scheduler, Malware Database, 2014.7.1.1, 2014.7.1.2,
Protection, 7/1/2014 1:50:52 AM, SYSTEM, LAVENDER-PC, Protection, Refresh, Starting,
Protection, 7/1/2014 1:50:52 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 7/1/2014 1:50:52 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 7/1/2014 1:51:01 AM, SYSTEM, LAVENDER-PC, Protection, Refresh, Success,
Protection, 7/1/2014 1:51:01 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Starting,
Protection, 7/1/2014 1:51:02 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Started,
Detection, 7/1/2014 1:58:40 AM, SYSTEM, LAVENDER-PC, Protection, Malware Protection, File, PUP.Optional.Conduit.A, C:\Users\Lavender\AppData\Local\TB\APISupport\APISupport.dll, Quarantine, [5afc564438437bbbbe25cae331d1e11f]
Protection, 7/1/2014 2:54:38 AM, SYSTEM, LAVENDER-PC, Protection, Malware Protection, Starting,
Protection, 7/1/2014 2:54:38 AM, SYSTEM, LAVENDER-PC, Protection, Malware Protection, Started,
Protection, 7/1/2014 2:54:38 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Starting,
Protection, 7/1/2014 2:54:47 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Started,
Update, 7/1/2014 2:59:17 AM, SYSTEM, LAVENDER-PC, Manual, Rootkit Database, 2014.6.30.1, 2014.7.1.1,
Protection, 7/1/2014 2:59:19 AM, SYSTEM, LAVENDER-PC, Protection, Refresh, Starting,
Protection, 7/1/2014 2:59:19 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 7/1/2014 2:59:19 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 7/1/2014 2:59:23 AM, SYSTEM, LAVENDER-PC, Protection, Refresh, Success,
Protection, 7/1/2014 2:59:23 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Starting,
Protection, 7/1/2014 2:59:23 AM, SYSTEM, LAVENDER-PC, Protection, Malicious Website Protection, Started,

(end)

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\ctypes\FirefoxCtype.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\Plugins\npFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0A9SJK1\APISupport[1].dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCIUV6L9\MiniSP[1].dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMGS54HF\APISupport[1].dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMGS54HF\MiniSP[1].dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBFMYEAZ\TBUpdaterLogic[1].dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Lavender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P4PLSIA3\TBUpdaterLogic[1].dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\APISupport.old    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\APISupport_2.1.0.8\ApiSupport.dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\APISupport_2.2.0.9\ApiSupport.dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\MiniSP_1.0.2.107\MiniSP.dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Lavender\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Lavender\AppData\Local\Temp\BrowserPlus2\nskD419.tbBro0.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Lavender\AppData\Local\Temp\BrowserPlus2\tbBro0.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Lavender\Downloads\HC2Setup.exe    Win32/Somoto.F potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\TBVerifier.dll    Win32/Toolbar.Conduit.AC potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\APISupport\APISupport.dll    Win32/Conduit.SearchProtect potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\plugins\ChromeApiPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins\TBVerifier.dll    Win32/Toolbar.Conduit.AC potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\APISupport\APISupport.dll    Win32/Conduit.SearchProtect potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.31.0.526_0\plugins\ChromeApiPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2014
Ran by Lavender (administrator) on LAVENDER-PC on 01-07-2014 12:55:27
Running from C:\Users\Lavender\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\WinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [synAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [98088 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [sonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601976 2013-02-15] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-20] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\Run: [Facebook Update] => C:\Users\Lavender\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-07] (Facebook Inc.)
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\MountPoints2: {033cc77f-529f-11e2-932a-c860003cb0a3} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\MountPoints2: {969e42ea-3cea-11e2-aed5-c860003cb0a3} - F:\LaunchU3.exe -a
HKU\S-1-5-21-575857903-1907476137-2626480361-1001\...\MountPoints2: {d5701999-5b3a-11e2-9981-c860003cb0a3} - F:\LaunchU3.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()
Startup: C:\Users\Lavender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default
FF Homepage: hxxp://google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Lavender\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: deviantAnywhere - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\deviantAnywhere@cvds.ro.xpi [2013-11-22]
FF Extension: Larry filter for Twitter - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\larry@larryfilter.com.xpi [2013-02-02]
FF Extension: Scriptish - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\scriptish@erikvold.com.xpi [2013-03-08]
FF Extension: FireFTP - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-10-22]
FF Extension: Adblock Plus - C:\Users\Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\fsrmvid3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-11]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-10-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-20]

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR StartupUrls: "https://chrome.google.com/webstore/category/themes?hl=en",
            "https://support.google.com/chrome/answer/95426"
CHR DefaultSearchKeyword: google.com.pe
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-04]
CHR Extension: (Google Search) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-18]
CHR Extension: (Google Wallet) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (Gmail) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-01]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Lavender\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Lavender\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-27]

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-20] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-15] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-15] (BlueStack Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [180224 2007-03-29] () [File not signed]
R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-20] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-15] (BlueStack Systems)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [243200 2007-02-12] (Realtek Semiconductor Corporation                           )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-01 12:55 - 2014-07-01 12:56 - 00025213 _____ () C:\Users\Lavender\Downloads\FRST.txt
2014-07-01 12:54 - 2014-07-01 12:54 - 02083328 _____ (Farbar) C:\Users\Lavender\Downloads\FRST64.exe
2014-07-01 12:50 - 2014-07-01 12:50 - 00005313 _____ () C:\Users\Lavender\Desktop\eset.txt
2014-07-01 03:55 - 2014-07-01 03:55 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu(1).exe
2014-07-01 02:40 - 2014-07-01 02:40 - 01346519 _____ () C:\Users\Lavender\Downloads\AdwCleaner(1).exe
2014-07-01 02:28 - 2014-07-01 02:28 - 00000770 _____ () C:\Users\Lavender\Desktop\JRT.txt
2014-07-01 01:39 - 2014-07-01 01:39 - 01016261 _____ (Thisisu) C:\Users\Lavender\Downloads\JRT(1).exe
2014-06-29 18:03 - 2014-06-29 18:04 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-06-29 17:56 - 2014-06-29 17:57 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-29 17:53 - 2014-06-29 17:56 - 356583291 _____ (Adobe Systems Inc. ) C:\Users\Lavender\Downloads\PhSp_CS2_English.exe
2014-06-27 15:29 - 2014-06-27 15:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-27 15:28 - 2014-06-27 15:28 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu.exe
2014-06-27 14:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-27 14:38 - 2014-07-01 02:43 - 00000000 ____D () C:\AdwCleaner
2014-06-27 14:37 - 2014-06-27 14:37 - 01342659 _____ () C:\Users\Lavender\Downloads\AdwCleaner.exe
2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-06-26 10:49 - 2014-06-26 10:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-26 10:48 - 2014-06-26 10:48 - 05283416 _____ () C:\Users\Lavender\Downloads\RogueKillerX64.exe
2014-06-26 10:26 - 2014-07-01 02:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 10:25 - 2014-06-26 10:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 10:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 10:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 10:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-26 10:12 - 2014-06-26 10:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lavender\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-26 09:40 - 2014-06-26 09:40 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Lavender\Downloads\mbam-clean-2.0.2.0.exe
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\Windows\ERDNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\Lavender\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\Lavender\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-26 09:21 - 2014-06-26 09:21 - 00791393 _____ (Lars Hederer ) C:\Users\Lavender\Downloads\erunt-setup.exe
2014-06-26 05:37 - 2014-06-26 05:37 - 30008226 _____ () C:\Users\Lavender\Desktop\Chess_Piece_Brushes_by_punkdoutkittn.abr
2014-06-26 01:18 - 2014-06-26 01:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-06-23 20:14 - 2014-06-25 13:19 - 11503946 _____ () C:\Users\Lavender\Desktop\dannphil.psd
2014-06-23 16:46 - 2014-06-24 13:08 - 46628583 _____ () C:\Users\Lavender\Desktop\sostrong.psd
2014-06-23 13:38 - 2014-06-26 06:02 - 90604024 _____ () C:\Users\Lavender\Desktop\nuuuuh.psd
2014-06-16 14:35 - 2014-06-25 16:33 - 58683539 _____ () C:\Users\Lavender\Desktop\menu.psd
2014-06-16 14:33 - 2014-06-16 14:33 - 00137377 _____ () C:\Users\Lavender\Desktop\Untitled-1.psd
2014-06-13 16:12 - 2014-06-13 17:00 - 00974848 _____ () C:\Users\Lavender\Desktop\original.sai
2014-06-12 23:40 - 2014-06-13 12:10 - 01949696 _____ () C:\Users\Lavender\Desktop\New canvas.sai
2014-06-10 14:24 - 2014-06-10 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:37 - 2014-06-10 13:37 - 34367392 _____ () C:\Users\Lavender\Downloads\WacomTablet_634-3(1).exe
2014-06-10 13:36 - 2014-06-10 13:37 - 39544032 _____ () C:\Users\Lavender\Downloads\WacomTablet_6.3.8-4.exe
2014-06-10 13:30 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 13:30 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 13:30 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 13:30 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 13:30 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 13:30 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 13:30 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 13:30 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 13:30 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 13:30 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 13:30 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 13:30 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 13:30 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 13:30 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 13:30 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 13:30 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 13:30 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 13:30 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 13:30 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 13:30 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 13:30 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 13:30 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 13:30 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 13:30 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 13:30 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 13:30 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 13:30 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 13:30 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 13:30 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 13:30 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 13:30 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 13:30 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 13:30 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 13:30 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 13:30 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 13:30 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 13:30 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 13:30 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 13:30 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 13:30 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 13:30 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 13:30 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 13:30 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 13:30 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 13:30 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 13:30 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 13:30 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 13:30 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 13:30 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 13:30 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 13:30 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 13:30 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 13:30 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 13:30 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 13:30 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 13:30 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 13:30 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 13:30 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 13:30 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 13:30 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 13:30 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 13:30 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 13:30 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 13:29 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 13:29 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 13:29 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 13:17 - 2014-06-10 13:38 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\WTablet
2014-06-01 11:37 - 2014-06-01 13:48 - 05632929 _____ () C:\Users\Lavender\Desktop\kuroko.psd

==================== One Month Modified Files and Folders =======

2014-07-01 12:56 - 2014-07-01 12:55 - 00025213 _____ () C:\Users\Lavender\Downloads\FRST.txt
2014-07-01 12:55 - 2014-05-19 10:31 - 00000000 ____D () C:\FRST
2014-07-01 12:54 - 2014-07-01 12:54 - 02083328 _____ (Farbar) C:\Users\Lavender\Downloads\FRST64.exe
2014-07-01 12:51 - 2012-10-11 23:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-01 12:50 - 2014-07-01 12:50 - 00005313 _____ () C:\Users\Lavender\Desktop\eset.txt
2014-07-01 12:49 - 2013-03-07 17:21 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001UA.job
2014-07-01 12:49 - 2012-10-18 21:41 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-01 12:49 - 2012-10-12 12:00 - 00000387 _____ () C:\Users\Lavender\AppData\Roaming\sp_data.sys
2014-07-01 12:49 - 2012-03-14 14:51 - 01387566 _____ () C:\Windows\WindowsUpdate.log
2014-07-01 05:10 - 2012-10-18 21:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-01 03:55 - 2014-07-01 03:55 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu(1).exe
2014-07-01 03:29 - 2012-10-14 21:12 - 00000000 ____D () C:\Users\Lavender\Desktop\kurot
2014-07-01 03:01 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-01 03:01 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-01 02:59 - 2014-06-26 10:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 02:55 - 2012-10-11 13:39 - 00058864 _____ () C:\Users\Lavender\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 02:54 - 2013-11-24 23:11 - 00014686 _____ () C:\Windows\setupact.log
2014-07-01 02:54 - 2012-12-31 18:53 - 00000000 ____D () C:\Temp
2014-07-01 02:54 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 02:54 - 2009-07-14 00:45 - 04827008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-01 02:52 - 2014-01-28 17:10 - 00446024 _____ () C:\Windows\PFRO.log
2014-07-01 02:43 - 2014-06-27 14:38 - 00000000 ____D () C:\AdwCleaner
2014-07-01 02:40 - 2014-07-01 02:40 - 01346519 _____ () C:\Users\Lavender\Downloads\AdwCleaner(1).exe
2014-07-01 02:28 - 2014-07-01 02:28 - 00000770 _____ () C:\Users\Lavender\Desktop\JRT.txt
2014-07-01 01:39 - 2014-07-01 01:39 - 01016261 _____ (Thisisu) C:\Users\Lavender\Downloads\JRT(1).exe
2014-07-01 01:37 - 2014-05-05 10:01 - 00000000 ____D () C:\Users\Lavender\Desktop\chibis2014
2014-07-01 01:07 - 2012-11-23 15:44 - 00000000 ____D () C:\ProgramData\Macromedia
2014-07-01 01:07 - 2012-11-23 15:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2014-07-01 01:03 - 2012-11-23 15:43 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-07-01 01:03 - 2012-11-23 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2014-07-01 00:50 - 2012-10-11 14:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-01 00:48 - 2012-10-11 13:44 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\Adobe
2014-07-01 00:47 - 2012-10-11 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-01 00:40 - 2009-07-14 01:13 - 00799008 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 17:10 - 2013-03-07 17:21 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001Core.job
2014-06-29 18:13 - 2012-10-11 14:17 - 00000000 ____D () C:\Users\Lavender\AppData\Local\Adobe
2014-06-29 18:04 - 2014-06-29 18:03 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-06-29 18:01 - 2012-10-11 14:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-29 17:57 - 2014-06-29 17:56 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-29 17:56 - 2014-06-29 17:53 - 356583291 _____ (Adobe Systems Inc. ) C:\Users\Lavender\Downloads\PhSp_CS2_English.exe
2014-06-28 13:17 - 2012-10-11 14:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-28 13:14 - 2012-10-18 21:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-28 13:10 - 2013-01-22 21:49 - 00000000 ____D () C:\ProgramData\VMware
2014-06-28 13:06 - 2013-01-22 22:00 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\VMware
2014-06-27 15:29 - 2014-06-27 15:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-27 15:28 - 2014-06-27 15:28 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu.exe
2014-06-27 14:37 - 2014-06-27 14:37 - 01342659 _____ () C:\Users\Lavender\Downloads\AdwCleaner.exe
2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-06-27 13:51 - 2013-11-20 20:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-27 13:40 - 2012-12-13 04:44 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\SoftGrid Client
2014-06-26 10:49 - 2014-06-26 10:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-26 10:48 - 2014-06-26 10:48 - 05283416 _____ () C:\Users\Lavender\Downloads\RogueKillerX64.exe
2014-06-26 10:25 - 2014-06-26 10:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 10:10 - 2014-06-26 10:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lavender\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-26 09:40 - 2014-06-26 09:40 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Lavender\Downloads\mbam-clean-2.0.2.0.exe
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\Windows\ERDNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\Lavender\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\Lavender\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-26 09:21 - 2014-06-26 09:21 - 00791393 _____ (Lars Hederer ) C:\Users\Lavender\Downloads\erunt-setup.exe
2014-06-26 06:07 - 2014-05-02 15:47 - 00000000 ____D () C:\Users\Lavender\Desktop\Prints
2014-06-26 06:02 - 2014-06-23 13:38 - 90604024 _____ () C:\Users\Lavender\Desktop\nuuuuh.psd
2014-06-26 05:37 - 2014-06-26 05:37 - 30008226 _____ () C:\Users\Lavender\Desktop\Chess_Piece_Brushes_by_punkdoutkittn.abr
2014-06-26 01:18 - 2014-06-26 01:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-06-26 01:17 - 2012-11-07 04:09 - 00000000 ____D () C:\Program Files\Tablet
2014-06-25 16:35 - 2014-04-28 08:12 - 00000000 ____D () C:\Users\Lavender\Desktop\newprints
2014-06-25 16:33 - 2014-06-16 14:35 - 58683539 _____ () C:\Users\Lavender\Desktop\menu.psd
2014-06-25 13:19 - 2014-06-23 20:14 - 11503946 _____ () C:\Users\Lavender\Desktop\dannphil.psd
2014-06-24 15:27 - 2014-04-19 14:10 - 00000000 ____D () C:\Users\Lavender\Desktop\colos
2014-06-24 13:08 - 2014-06-23 16:46 - 46628583 _____ () C:\Users\Lavender\Desktop\sostrong.psd
2014-06-23 12:30 - 2012-10-11 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 16:00 - 2012-11-14 02:55 - 00000132 _____ () C:\Users\Lavender\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-06-17 15:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 05:05 - 2012-10-18 21:41 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 05:05 - 2012-10-18 21:41 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-16 14:33 - 2014-06-16 14:33 - 00137377 _____ () C:\Users\Lavender\Desktop\Untitled-1.psd
2014-06-13 17:00 - 2014-06-13 16:12 - 00974848 _____ () C:\Users\Lavender\Desktop\original.sai
2014-06-13 12:10 - 2014-06-12 23:40 - 01949696 _____ () C:\Users\Lavender\Desktop\New canvas.sai
2014-06-12 09:52 - 2014-04-14 02:11 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 07:20 - 2014-05-07 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 17:05 - 2014-05-28 21:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-10 17:05 - 2014-05-28 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-10 17:05 - 2014-04-14 14:31 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-06-10 17:05 - 2014-04-14 14:31 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-06-10 17:05 - 2013-08-31 23:29 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\vlc
2014-06-10 17:05 - 2012-10-18 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-10 17:05 - 2012-10-18 11:09 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\Skype
2014-06-10 17:05 - 2012-10-18 11:09 - 00000000 ____D () C:\ProgramData\Skype
2014-06-10 17:05 - 2012-10-12 11:51 - 00000000 ____D () C:\ProgramData\P4G
2014-06-10 17:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-06-10 17:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-10 14:24 - 2014-06-10 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:38 - 2014-06-10 13:17 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\WTablet
2014-06-10 13:37 - 2014-06-10 13:37 - 34367392 _____ () C:\Users\Lavender\Downloads\WacomTablet_634-3(1).exe
2014-06-10 13:37 - 2014-06-10 13:36 - 39544032 _____ () C:\Users\Lavender\Downloads\WacomTablet_6.3.8-4.exe
2014-06-10 13:19 - 2013-11-20 20:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-10 13:14 - 2012-10-11 13:39 - 00000000 ____D () C:\Users\Lavender
2014-06-10 12:51 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-08 05:13 - 2014-06-10 13:29 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-10 13:29 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-01 13:48 - 2014-06-01 11:37 - 05632929 _____ () C:\Users\Lavender\Desktop\kuroko.psd

Some content of TEMP:
====================
C:\Users\Lavender\AppData\Local\Temp\Quarantine.exe
C:\Users\Lavender\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Lavender\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 19:34

==================== End Of Log ============================


  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

NEXT:

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
  • RESTART THE COMPUTER NOW!!

 

 

NEXT:

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

 

 

Link to post
Share on other sites

I did the first thing, but when it told me it will open the log, it said that 'it wasn't found'

But I did a search and found this. I don't know if it was bad that it couldn't find it, but yeah. I'll do the next steps now.

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jul 02 02:56:44 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

------------------------------------

Finished reporting.



JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jul 02 02:57:30 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

------------------------------------

Finished reporting.


 

Link to post
Share on other sites

  • Root Admin

Please try running TFC again now and let me know.

 

When you say you were without Internet was that due to an ISP issue?

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 

Link to post
Share on other sites

TFC ran smoothly

 

(No, I was without internet because of being away from home with no wifi.)

the log for checkup.txt

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Trend Micro Titanium Internet Security   
avast! Antivirus                         
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 14.0.0.145  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 Trend Micro Titanium TiMiniService.exe  
 Trend Micro Titanium TiResumeSrv.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

MBAM is working now, and the computer seems to be fine.

The only thing that's a little odd is that it takes a while to load the desktop when restarting now. Not sure if that's normal?

One last thing, I don't think this is triggered by an infection, but it always does it when booting up: [attached image: BrcIuVcCYAAfZ4x.jpg]

Link to post
Share on other sites

  • Root Admin

It should not be doing it every restart. That is an indication of an issue that could be software or hardware related.

 

Please run a new FRST scan and make sure you put a check mark in the ADDITIONS.TXT check box and post back both new logs and I'll take a look.  Once a disk check completes it should not need to run again.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Lavender (administrator) on LAVENDER-PC on 16-07-2014 10:46:20
Running from C:\Users\Lavender\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: "https://support.google.com/chrome/answer/95426"
CHR DefaultSearchKeyword: google.com.pe
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-04]
CHR Extension: (Google Search) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-18]
CHR Extension: (Google Wallet) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (Gmail) - C:\Users\Lavender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-01]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Lavender\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Lavender\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-27]

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-20] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-15] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-15] (BlueStack Systems, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [180224 2007-03-29] () [File not signed]
R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-20] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-15] (BlueStack Systems)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [243200 2007-02-12] (Realtek Semiconductor Corporation                           )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 10:46 - 2014-07-16 10:47 - 00023343 _____ () C:\Users\Lavender\Desktop\FRST.txt
2014-07-16 10:44 - 2014-07-16 10:44 - 02086912 _____ (Farbar) C:\Users\Lavender\Desktop\FRST64(1).exe
2014-07-10 09:09 - 2014-07-10 09:09 - 00854390 _____ () C:\Users\Lavender\Downloads\SecurityCheck.exe
2014-07-08 14:29 - 2014-07-08 14:30 - 00752704 _____ () C:\Windows\Minidump\070814-34086-01.dmp
2014-07-07 23:04 - 2014-07-07 23:05 - 00816352 _____ () C:\Windows\Minidump\070714-34788-01.dmp
2014-07-07 22:04 - 2014-07-07 22:04 - 00000000 ____D () C:\Users\Lavender\AppData\Local\CrashDumps
2014-07-06 23:18 - 2014-07-06 23:18 - 00025009 _____ () C:\ComboFix.txt
2014-07-06 23:07 - 2014-07-06 23:18 - 00000000 ____D () C:\Qoobox
2014-07-06 23:07 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-06 23:07 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-06 23:07 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-06 23:07 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-06 23:07 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-06 23:07 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-06 23:07 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-06 23:07 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-06 22:59 - 2014-07-06 22:59 - 05215766 ____R (Swearware) C:\Users\Lavender\Desktop\ComboFix.exe
2014-07-06 22:20 - 2014-07-06 22:20 - 00448512 _____ (OldTimer Tools) C:\Users\Lavender\Downloads\TFC.exe
2014-07-05 02:17 - 2014-07-05 02:17 - 00000000 ____D () C:\Users\Lavender\Desktop\bae
2014-07-02 03:09 - 2014-07-02 03:17 - 00008100 _____ () C:\Users\Lavender\Desktop\TFC.exe
2014-07-02 03:00 - 2014-07-02 03:00 - 00006816 _____ () C:\Users\Lavender\Desktop\JavaRa.log
2014-07-02 02:54 - 2014-07-02 02:54 - 00000000 ____D () C:\Users\Lavender\Desktop\RemoveJava
2014-07-02 02:53 - 2014-07-02 02:53 - 00165483 _____ () C:\Users\Lavender\Downloads\JavaRa-1.16-28-5-13.zip
2014-07-01 12:57 - 2014-07-01 12:57 - 00035589 _____ () C:\Users\Lavender\Downloads\Addition.txt
2014-07-01 12:55 - 2014-07-01 12:57 - 00050225 _____ () C:\Users\Lavender\Downloads\FRST.txt
2014-07-01 12:54 - 2014-07-01 12:54 - 02083328 _____ (Farbar) C:\Users\Lavender\Downloads\FRST64.exe
2014-07-01 03:55 - 2014-07-01 03:55 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu(1).exe
2014-07-01 02:40 - 2014-07-01 02:40 - 01346519 _____ () C:\Users\Lavender\Downloads\AdwCleaner(1).exe
2014-07-01 01:39 - 2014-07-01 01:39 - 01016261 _____ (Thisisu) C:\Users\Lavender\Downloads\JRT(1).exe
2014-06-29 18:24 - 2014-06-29 18:27 - 166059266 _____ () C:\Users\Lavender\Downloads\adobe white rabbit (photoshop cs5) portable.rar
2014-06-29 18:03 - 2014-06-29 18:04 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-06-29 17:56 - 2014-06-29 17:57 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-29 17:53 - 2014-06-29 17:56 - 356583291 _____ (Adobe Systems Inc. ) C:\Users\Lavender\Downloads\PhSp_CS2_English.exe
2014-06-27 15:29 - 2014-06-27 15:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-27 15:28 - 2014-06-27 15:28 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu.exe
2014-06-27 14:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-27 14:38 - 2014-07-01 02:43 - 00000000 ____D () C:\AdwCleaner
2014-06-27 14:37 - 2014-06-27 14:37 - 01342659 _____ () C:\Users\Lavender\Downloads\AdwCleaner.exe
2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-06-26 10:49 - 2014-06-26 10:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-26 10:48 - 2014-06-26 10:48 - 05283416 _____ () C:\Users\Lavender\Downloads\RogueKillerX64.exe
2014-06-26 10:26 - 2014-07-10 09:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 10:25 - 2014-06-26 10:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 10:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 10:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 10:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-26 10:12 - 2014-06-26 10:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lavender\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-26 09:40 - 2014-06-26 09:40 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Lavender\Downloads\mbam-clean-2.0.2.0.exe
2014-06-26 09:39 - 2014-07-06 23:16 - 00000000 ____D () C:\Windows\ERDNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\Lavender\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\Lavender\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-26 09:21 - 2014-06-26 09:21 - 00791393 _____ (Lars Hederer ) C:\Users\Lavender\Downloads\erunt-setup.exe
2014-06-26 05:37 - 2014-06-26 05:37 - 30008226 _____ () C:\Users\Lavender\Desktop\Chess_Piece_Brushes_by_punkdoutkittn.abr
2014-06-26 01:18 - 2014-06-26 01:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-06-23 20:14 - 2014-06-25 13:19 - 11503946 _____ () C:\Users\Lavender\Desktop\dannphil.psd
2014-06-23 16:46 - 2014-06-24 13:08 - 46628583 _____ () C:\Users\Lavender\Desktop\sostrong.psd
2014-06-23 13:38 - 2014-06-26 06:02 - 90604024 _____ () C:\Users\Lavender\Desktop\nuuuuh.psd
2014-06-16 14:35 - 2014-06-25 16:33 - 58683539 _____ () C:\Users\Lavender\Desktop\menu.psd
2014-06-16 14:33 - 2014-06-16 14:33 - 00137377 _____ () C:\Users\Lavender\Desktop\Untitled-1.psd

==================== One Month Modified Files and Folders =======

2014-07-16 10:47 - 2014-07-16 10:46 - 00023343 _____ () C:\Users\Lavender\Desktop\FRST.txt
2014-07-16 10:46 - 2014-05-19 10:31 - 00000000 ____D () C:\FRST
2014-07-16 10:44 - 2014-07-16 10:44 - 02086912 _____ (Farbar) C:\Users\Lavender\Desktop\FRST64(1).exe
2014-07-16 10:26 - 2013-03-07 17:21 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001UA.job
2014-07-16 10:10 - 2012-10-18 21:41 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 09:51 - 2012-10-11 23:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 09:47 - 2012-03-14 14:51 - 01193481 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 09:36 - 2012-10-18 21:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 09:36 - 2012-10-12 12:00 - 00000387 _____ () C:\Users\Lavender\AppData\Roaming\sp_data.sys
2014-07-16 00:42 - 2014-04-19 14:10 - 00000000 ____D () C:\Users\Lavender\Desktop\colos
2014-07-15 16:26 - 2013-03-07 17:21 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001Core.job
2014-07-15 15:35 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 15:35 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 09:25 - 2013-11-20 20:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-10 09:09 - 2014-07-10 09:09 - 00854390 _____ () C:\Users\Lavender\Downloads\SecurityCheck.exe
2014-07-10 09:09 - 2014-06-26 10:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 09:07 - 2012-12-31 18:53 - 00000000 ____D () C:\Temp
2014-07-09 20:07 - 2013-11-24 23:11 - 00015078 _____ () C:\Windows\setupact.log
2014-07-09 20:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-08 23:16 - 2012-10-11 23:13 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 23:16 - 2012-10-11 23:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 23:16 - 2012-10-11 23:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 14:30 - 2014-07-08 14:29 - 00752704 _____ () C:\Windows\Minidump\070814-34086-01.dmp
2014-07-08 14:29 - 2014-05-19 08:20 - 612332868 _____ () C:\Windows\MEMORY.DMP
2014-07-08 14:29 - 2012-10-19 14:44 - 00000000 ____D () C:\Windows\Minidump
2014-07-07 23:05 - 2014-07-07 23:04 - 00816352 _____ () C:\Windows\Minidump\070714-34788-01.dmp
2014-07-07 22:04 - 2014-07-07 22:04 - 00000000 ____D () C:\Users\Lavender\AppData\Local\CrashDumps
2014-07-07 14:02 - 2014-05-02 15:47 - 00000000 ____D () C:\Users\Lavender\Desktop\Prints
2014-07-07 09:46 - 2014-01-28 17:10 - 00446558 _____ () C:\Windows\PFRO.log
2014-07-06 23:18 - 2014-07-06 23:18 - 00025009 _____ () C:\ComboFix.txt
2014-07-06 23:18 - 2014-07-06 23:07 - 00000000 ____D () C:\Qoobox
2014-07-06 23:18 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-06 23:16 - 2014-06-26 09:39 - 00000000 ____D () C:\Windows\ERDNT
2014-07-06 23:15 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-06 22:59 - 2014-07-06 22:59 - 05215766 ____R (Swearware) C:\Users\Lavender\Desktop\ComboFix.exe
2014-07-06 22:20 - 2014-07-06 22:20 - 00448512 _____ (OldTimer Tools) C:\Users\Lavender\Downloads\TFC.exe
2014-07-06 21:54 - 2012-12-13 04:44 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\SoftGrid Client
2014-07-05 02:17 - 2014-07-05 02:17 - 00000000 ____D () C:\Users\Lavender\Desktop\bae
2014-07-02 15:33 - 2012-12-27 18:37 - 00000000 ____D () C:\Users\Lavender\Desktop\tones
2014-07-02 03:17 - 2014-07-02 03:09 - 00008100 _____ () C:\Users\Lavender\Desktop\TFC.exe
2014-07-02 03:00 - 2014-07-02 03:00 - 00006816 _____ () C:\Users\Lavender\Desktop\JavaRa.log
2014-07-02 02:56 - 2012-10-11 13:39 - 00000000 ____D () C:\Users\Lavender\AppData\Local\VirtualStore
2014-07-02 02:54 - 2014-07-02 02:54 - 00000000 ____D () C:\Users\Lavender\Desktop\RemoveJava
2014-07-02 02:53 - 2014-07-02 02:53 - 00165483 _____ () C:\Users\Lavender\Downloads\JavaRa-1.16-28-5-13.zip
2014-07-01 12:57 - 2014-07-01 12:57 - 00035589 _____ () C:\Users\Lavender\Downloads\Addition.txt
2014-07-01 12:57 - 2014-07-01 12:55 - 00050225 _____ () C:\Users\Lavender\Downloads\FRST.txt
2014-07-01 12:54 - 2014-07-01 12:54 - 02083328 _____ (Farbar) C:\Users\Lavender\Downloads\FRST64.exe
2014-07-01 03:55 - 2014-07-01 03:55 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu(1).exe
2014-07-01 03:29 - 2012-10-14 21:12 - 00000000 ____D () C:\Users\Lavender\Desktop\kurot
2014-07-01 02:55 - 2012-10-11 13:39 - 00058864 _____ () C:\Users\Lavender\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 02:54 - 2009-07-14 00:45 - 04827008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-01 02:43 - 2014-06-27 14:38 - 00000000 ____D () C:\AdwCleaner
2014-07-01 02:40 - 2014-07-01 02:40 - 01346519 _____ () C:\Users\Lavender\Downloads\AdwCleaner(1).exe
2014-07-01 01:39 - 2014-07-01 01:39 - 01016261 _____ (Thisisu) C:\Users\Lavender\Downloads\JRT(1).exe
2014-07-01 01:37 - 2014-05-05 10:01 - 00000000 ____D () C:\Users\Lavender\Desktop\chibis2014
2014-07-01 01:07 - 2012-11-23 15:44 - 00000000 ____D () C:\ProgramData\Macromedia
2014-07-01 01:07 - 2012-11-23 15:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2014-07-01 01:03 - 2012-11-23 15:43 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-07-01 01:03 - 2012-11-23 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2014-07-01 00:50 - 2012-10-11 14:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-01 00:48 - 2012-10-11 13:44 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\Adobe
2014-07-01 00:47 - 2012-10-11 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-01 00:40 - 2009-07-14 01:13 - 00799008 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 18:27 - 2014-06-29 18:24 - 166059266 _____ () C:\Users\Lavender\Downloads\adobe white rabbit (photoshop cs5) portable.rar
2014-06-29 18:13 - 2012-10-11 14:17 - 00000000 ____D () C:\Users\Lavender\AppData\Local\Adobe
2014-06-29 18:04 - 2014-06-29 18:03 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-06-29 18:01 - 2012-10-11 14:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-29 17:57 - 2014-06-29 17:56 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-06-29 17:56 - 2014-06-29 17:53 - 356583291 _____ (Adobe Systems Inc. ) C:\Users\Lavender\Downloads\PhSp_CS2_English.exe
2014-06-28 13:17 - 2012-10-11 14:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-28 13:14 - 2012-10-18 21:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-28 13:10 - 2013-01-22 21:49 - 00000000 ____D () C:\ProgramData\VMware
2014-06-28 13:06 - 2013-01-22 22:00 - 00000000 ____D () C:\Users\Lavender\AppData\Roaming\VMware
2014-06-27 15:29 - 2014-06-27 15:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-27 15:28 - 2014-06-27 15:28 - 02347384 _____ (ESET) C:\Users\Lavender\Downloads\esetsmartinstaller_enu.exe
2014-06-27 14:37 - 2014-06-27 14:37 - 01342659 _____ () C:\Users\Lavender\Downloads\AdwCleaner.exe
2014-06-27 14:00 - 2014-06-27 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-06-26 10:49 - 2014-06-26 10:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-26 10:48 - 2014-06-26 10:48 - 05283416 _____ () C:\Users\Lavender\Downloads\RogueKillerX64.exe
2014-06-26 10:25 - 2014-06-26 10:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 10:25 - 2014-06-26 10:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 10:10 - 2014-06-26 10:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lavender\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-26 09:40 - 2014-06-26 09:40 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Lavender\Downloads\mbam-clean-2.0.2.0.exe
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000926 _____ () C:\Users\Lavender\Desktop\NTREGOPT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000907 _____ () C:\Users\Lavender\Desktop\ERUNT.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-26 09:21 - 2014-06-26 09:21 - 00791393 _____ (Lars Hederer ) C:\Users\Lavender\Downloads\erunt-setup.exe
2014-06-26 06:02 - 2014-06-23 13:38 - 90604024 _____ () C:\Users\Lavender\Desktop\nuuuuh.psd
2014-06-26 05:37 - 2014-06-26 05:37 - 30008226 _____ () C:\Users\Lavender\Desktop\Chess_Piece_Brushes_by_punkdoutkittn.abr
2014-06-26 01:18 - 2014-06-26 01:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-06-26 01:17 - 2012-11-07 04:09 - 00000000 ____D () C:\Program Files\Tablet
2014-06-25 16:35 - 2014-04-28 08:12 - 00000000 ____D () C:\Users\Lavender\Desktop\newprints
2014-06-25 16:33 - 2014-06-16 14:35 - 58683539 _____ () C:\Users\Lavender\Desktop\menu.psd
2014-06-25 13:19 - 2014-06-23 20:14 - 11503946 _____ () C:\Users\Lavender\Desktop\dannphil.psd
2014-06-24 13:08 - 2014-06-23 16:46 - 46628583 _____ () C:\Users\Lavender\Desktop\sostrong.psd
2014-06-23 12:30 - 2012-10-11 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 16:00 - 2012-11-14 02:55 - 00000132 _____ () C:\Users\Lavender\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-06-17 15:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 05:05 - 2012-10-18 21:41 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 05:05 - 2012-10-18 21:41 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-16 14:33 - 2014-06-16 14:33 - 00137377 _____ () C:\Users\Lavender\Desktop\Untitled-1.psd

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-15 15:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Lavender at 2014-07-16 10:48:00
Running from C:\Users\Lavender\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Sonic Focus (HKLM-x32\...\{B0002707-4F7E-4745-88A7-852DA8A88635}) (Version: 1.0.0.5 - Synopsys )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2008 - Avast Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.9.860 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{CD9D0827-A6D6-4E2C-B31E-23F01577E27B}) (Version: 0.7.9.860 - BlueStack Systems, Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GraphicsGale version 1.93.21 (HKLM-x32\...\GraphicsGale_is1) (Version:  - HUMANBALANCE Co.,Ltd.)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.1.10 - ASUS)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
JTablet (HKLM-x32\...\JTablet) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MotoHelper 2.1.40 Driver 5.5.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.40 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0 - Motorola Inc.) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA Control Panel 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6499 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.17.0 - Synaptics Incorporated)
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.4-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)

==================== Restore Points  =========================

28-06-2014 17:12:58 Removed SketchUp Pro 8
29-06-2014 22:01:06 Installed Adobe Photoshop CS2
01-07-2014 04:58:06 Removed Macromedia Dreamweaver 8
01-07-2014 05:01:37 Removed Macromedia Flash 8
02-07-2014 06:50:56 Removed Java 7 Update 9
07-07-2014 02:15:40 Windows Backup
15-07-2014 13:25:08 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-07-06 23:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {07E3EA81-F4C0-4121-8E84-045C81BD9C8C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {248FCB3F-665A-440E-821C-4389F8EC270E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {4D988043-B2D9-4B11-96F6-E40A5D2D4C1D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {68ADC474-4C06-4D0C-8375-8C95B8035CDD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001Core => C:\Users\Lavender\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-07] (Facebook Inc.)
Task: {78D2A3FA-458A-4EB7-800C-295E4182C736} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {9D783B65-F8DE-4971-8C35-87A95B1AF4A0} - System32\Tasks\AdobeAAMUpdater-1.0-Lavender-PC-Lavender => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9FAD161F-E7E3-4913-994E-D1F048D9845E} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {A1D90B72-D0FA-43CD-B3F3-D0D4347D6CBF} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {A65BDC29-B8BE-4168-92FF-F14A9B651F66} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-20] (AVAST Software)
Task: {BA1751AA-454A-40FC-A3F5-F5F5C0E0B26D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001UA => C:\Users\Lavender\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-07] (Facebook Inc.)
Task: {BAB76798-89BC-4F13-B369-B7CB50C9B24D} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {DA1BCF23-B1A4-4382-B7DC-BF37EDF65457} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.)
Task: {DEE79AA0-40A0-4A9A-B33E-CB4A034FAEB4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E8BB349B-9B47-49FE-AFA3-315B0379EBA9} - \VisualBeeRecovery No Task File <==== ATTENTION
Task: {EBC2F14E-141C-4088-823E-02FA87607E34} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {FA238485-E4DB-44B9-8A97-4B201DC62028} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001Core.job => C:\Users\Lavender\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575857903-1907476137-2626480361-1001UA.job => C:\Users\Lavender\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-14 14:55 - 2012-10-02 15:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-02-01 17:55 - 2012-02-01 17:55 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2013-01-22 21:43 - 2007-03-29 19:42 - 00180224 _____ () C:\Windows\SysWOW64\WinService.exe
2011-12-06 07:25 - 2011-07-21 06:59 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-12-06 07:22 - 2011-07-26 03:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-22 21:43 - 2007-05-14 19:26 - 01261568 _____ () C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-04-14 14:31 - 2012-10-29 08:14 - 01184640 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-02-01 17:55 - 2012-02-01 17:55 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-10-18 00:29 - 2010-09-17 04:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-10-18 00:29 - 2010-09-17 04:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2014-07-16 09:36 - 2014-07-16 03:43 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071600\algo.dll
2012-01-31 09:25 - 2012-01-31 09:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-11-20 20:08 - 2013-11-20 20:08 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2012-02-06 19:32 - 2012-02-06 19:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-06-10 14:24 - 2014-06-10 14:24 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-08 23:16 - 2014-07-08 23:16 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 00:18:13 AM) (Source: Google Update) (EventID: 20) (User: Lavender-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (07/15/2014 03:30:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/15/2014 03:30:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/15/2014 03:29:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/15/2014 03:29:14 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/15/2014 09:35:03 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

Error: (07/09/2014 08:08:18 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/08/2014 02:37:36 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (07/08/2014 02:30:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/07/2014 11:08:38 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path


System errors:
=============
Error: (07/14/2014 04:33:15 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (07/10/2014 09:38:23 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/10/2014 09:07:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (07/10/2014 09:07:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (07/09/2014 08:19:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/09/2014 08:10:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/09/2014 08:10:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/09/2014 08:08:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (07/09/2014 07:55:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASLDR Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/09/2014 03:23:19 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.


Microsoft Office Sessions:
=========================
Error: (07/16/2014 00:18:13 AM) (Source: Google Update) (EventID: 20) (User: Lavender-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (07/15/2014 03:30:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Lavender\downloads\esetsmartinstaller_enu.exe

Error: (07/15/2014 03:30:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Lavender\downloads\esetsmartinstaller_enu(1).exe

Error: (07/15/2014 03:29:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/15/2014 03:29:14 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/15/2014 09:35:03 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF)

Error: (07/09/2014 08:08:18 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/08/2014 02:37:36 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (07/08/2014 02:30:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/07/2014 11:08:38 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path


CodeIntegrity Errors:
===================================
  Date: 2014-07-06 23:15:00.834
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-06 23:15:00.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 5920.05 MB
Available physical RAM: 2850.08 MB
Total Pagefile: 11838.29 MB
Available Pagefile: 8807.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:206.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:392.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

The logs indicate that you're using 2 different antivirus products which can certainly be causing unexpected issues. Please choose one or the other and fully uninstall the other one.

Only keep one of these:

Trend Micro Titanium Internet Security
avast! Antivirus

After you have fully removed one then run the following again as the logs show that Java was not fully removed.

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:

Please run TFC by OldTimer to clear temporary files:


  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer 2 times and run a new FRST scan and make sure you place a check mark in the ADDITIONS.TXT check box and post back both new logs.


Removed one of the antiviruses, restarted, ran the JavaRa but got some errors? I don't know if they have to do with Java still being in my system even after trying to remove them all.

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Jul 18 00:09:57 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.



I will now run TFC

This topic is now closed to further replies.