PUM.Hijack.Taskmanager and PUM.Hijack.Regedit

freakstyle · July 4, 2014

Everytime I run a scan on MBAM these two always appear.

I ran farbar as said in this link https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

freakstyle · July 4, 2014

for some reason i couldnt post the 2 files as it says that my post is too long.

freakstyle · July 4, 2014

MBAM scan:

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 7/4/2014

Scan Time: 12:23:36 PM

Logfile:

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.07.04.02

Rootkit Database: v2014.07.03.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: asus

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 356240

Time Elapsed: 14 min, 1 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 1

Keylogger.PKL, HKU\S-1-5-21-1210325367-195732664-3179361299-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Phrozen Mon_KP, "C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe" /h, , [2cf60d8ea6d5b87e9018bf1df210ea16]

Registry Data: 2

PUM.Hijack.Regedit, HKU\S-1-5-21-1210325367-195732664-3179361299-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[6cb61f7c35467cbaa408fc91f21222de]

PUM.Hijack.TaskManager, HKU\S-1-5-21-1210325367-195732664-3179361299-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[75ad3e5da8d39a9c5eb09bf49f653ec2]

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Addition.txt

FRST.txt

freakstyle · July 4, 2014

Roguekiller report:

RKreport_SCN_07042014_125245.log

freakstyle · July 4, 2014

bump

AdvancedSetup · July 7, 2014

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

Please go here to run the online antivirus scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
[*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

freakstyle · July 9, 2014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows_NT x64

Ran by asus on Wed 07/09/2014 at 12:29:51.05

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] hshld

Successfully deleted: [service] hshld

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 07/09/2014 at 12:35:43.04

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

freakstyle · July 9, 2014

# AdwCleaner v3.215 - Report created 09/07/2014 at 12:37:52

# Updated 09/07/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : asus - ASUS-PC

# Running from : C:\Users\asus\Downloads\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

Service Found : globalUpdate

Service Found : globalUpdatem

***** [ Files / Folders ] *****

File Found : C:\Users\asus\daemonprocess.txt

File Found : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore

File Found : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

File Found : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

File Found : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

Folder Found : C:\Program Files (x86)\globalUpdate

Folder Found : C:\Program Files (x86)\GreenTree Applications

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield

Folder Found : C:\Users\asus\AppData\Local\globalUpdate

Folder Found : C:\Users\asus\AppData\Local\Mobogenie

Folder Found : C:\Users\asus\AppData\Local\Temp\hotspot shield

Folder Found : C:\Users\asus\Documents\Mobogenie

Folder Found : C:\Windows\SysWOW64\hotspot shield

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager

Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Found : HKLM\Software\hotspotshield

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10

Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Google Chrome v

[ File : C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3346 octets] - [09/07/2014 12:37:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3406 octets] ##########

# AdwCleaner v3.215 - Report created 09/07/2014 at 12:52:19

# Updated 09/07/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : asus - ASUS-PC

# Running from : C:\Users\asus\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate

[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield

Folder Deleted : C:\Program Files (x86)\globalUpdate

[x] Not Deleted : C:\Program Files (x86)\GreenTree Applications

[x] Not Deleted : C:\Windows\SysWOW64\hotspot shield

Folder Deleted : C:\Users\asus\AppData\Local\globalUpdate

Folder Deleted : C:\Users\asus\AppData\Local\Mobogenie

[x] Not Deleted : C:\Users\asus\AppData\Local\Temp\hotspot shield

Folder Deleted : C:\Users\asus\Documents\Mobogenie

[x] Not Deleted : C:\Users\asus\daemonprocess.txt

File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore

File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager

Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\Software\hotspotshield

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Google Chrome v

[ File : C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Deleted [search Provider] : hxxp://go.speedbit.com/search.aspx?s=DBIaya1&q={searchTerms}

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3502 octets] - [09/07/2014 12:37:52]

AdwCleaner[s0].txt - [3695 octets] - [09/07/2014 12:52:19]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3755 octets] ##########

freakstyle · July 9, 2014

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 7/9/2014

Scan Time: 1:02:04 PM

Logfile:

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.07.09.02

Rootkit Database: v2014.07.07.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: asus

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 358540

Time Elapsed: 15 min, 12 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 2

PUM.Hijack.Regedit, HKU\S-1-5-21-1210325367-195732664-3179361299-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[7a3c950789f2c670822f771c4eb61ce4]

PUM.Hijack.TaskManager, HKU\S-1-5-21-1210325367-195732664-3179361299-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[7d39c3d9e596072f1300fe97d52f36ca]

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

ESET:

C:\Users\asus\AppData\Local\Temp\GoogleSetup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe Win32/KeyLogger.Phrozen.B application

C:\Users\asus\Desktop\c.exe Win32/PSWTool.ChromePass.A potentially unsafe application

C:\Users\asus\Desktop\f.exe Win32/PSWTool.PassFox.D potentially unsafe application

C:\Users\asus\Desktop\i.exe Win32/PSWTool.IEPassView.NAE potentially unsafe application

C:\Users\asus\Documents\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\asus\Documents\Havij v1.16 Pro Portable.exe Win32/HackTool.Crack.BF potentially unsafe application

C:\Users\asus\Documents\fkl-setup\fkl-setup (password=2013).exe a variant of Win32/KeyLogger.FamilyKeyLogger.F application

C:\Users\asus\Documents\PhrozenKeyloggerLite1-0R3_setup\PhrozenKeyloggerLite1-0R3_setup.exe Win32/KeyLogger.Phrozen.B application

C:\Users\asus\Documents\USB files\New folder\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\asus\Downloads\cbsidlm-cbsi188-Free_Keylogger_Pro-SEO-75886072.exe a variant of Win32/CNETInstaller.B potentially unwanted application

C:\Users\asus\Downloads\HSS-3.40-install-hss-561-conduit.exe Win32/Toolbar.Conduit potentially unwanted application

C:\Windows\System32\HavijPro\Havij_Load.exe Win32/HackTool.Crack.BF potentially unsafe application

C:\Windows\SysWOW64\HavijPro\Havij_Load.exe Win32/HackTool.Crack.BF potentially unsafe application

D:\drivers\Audio_Realtek_Win7_64_Z6016373\Setup.exe a variant of Win32/Sality.NDW virus

D:\drivers\Audio_Realtek_Win7_64_Z6016373\Vista\RtHDVCpl.exe probably a variant of Win32/Sality.NAR virus

D:\drivers\Camera_Azurewave_VS010_Win7_64_Z5855133208\vsnp2uvc.exe Win32/Sality.NBA virus

D:\drivers\CardReader_Win7_32_Win7_64_Z61760010001\APBin_32bit\addfilter.exe Win32/Sality.NBA virus

D:\drivers\CardReader_Win7_32_Win7_64_Z61760010001\DriverBin_32bit\revcon.exe a variant of Win32/Sality.NDW virus

D:\drivers\VGA_nVidia_Win7_64_Z817126856\Display.Update\ComUpdatus.exe probably a variant of Win32/Sality.NAR virus

D:\drivers\VGA_nVidia_Win7_64_Z817126856\Display.Update\daemonu.exe probably a variant of Win32/Sality.NAR virus

Operating memory Win32/KeyLogger.Phrozen.B application

-------------

freakstyle · July 9, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014

Ran by asus (administrator) on ASUS-PC on 09-07-2014 19:46:16

Running from C:\Users\asus\Downloads

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Greenshot) C:\Program Files\Greenshot\Greenshot.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Spotify Ltd) C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe

(PhrozenSoft) C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe

(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(TP-LINK TECHNOLOGIES CO., LTD.) C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Google Inc.) C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

() C:\Users\asus\Desktop\Orion.exe

(Gary's Hood) C:\Users\asus\Downloads\rsclient.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-04] (Synaptics Incorporated)

HKLM\...\Run: [synAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-04] (Synaptics Incorporated)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [uSB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [687336 2013-06-20] (Zbshareware Lab)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [kbdsprt] => [X]

HKLM-x32\...\Run: [ZDWlan.EXE] => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE [491520 2009-01-14] (TP-LINK TECHNOLOGIES CO., LTD.)

HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [Google Update] => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-19] (Google Inc.)

HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [spotify] => C:\Users\asus\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-27] (Spotify Ltd)

HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [spotify Web Helper] => C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-27] (Spotify Ltd)

HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [Phrozen Keylogger Lite] => [X]

HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D] => C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)

HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Run: [Phrozen Mon_KP] => C:\Users\asus\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe [3282952 2013-09-14] (PhrozenSoft)

HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableRegistryTools] 1

HKU\S-1-5-21-1210325367-195732664-3179361299-1000\...\Policies\system: [DisableTaskMgr] 1

HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [uTorrent] => C:\Users\asus\Downloads\uTorrent.exe [1270864 2014-05-19] (BitTorrent Inc.)

HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Google Update] => C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-19] (Google Inc.)

HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [spotify] => C:\Users\asus\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-27] (Spotify Ltd)

HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [spotify Web Helper] => C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-27] (Spotify Ltd)

HKU\S-1-5-21-1210325367-195732664-3179361299-1002\...\Run: [Phrozen Keylogger Lite] => [X]

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope value is missing.

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome:

=======

CHR HomePage: hxxp://google.com/

CHR StartupUrls: "hxxp://www.linkzb.com"

CHR Extension: (Google Docs) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17]

CHR Extension: (Google Drive) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-17]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-17]

CHR Extension: (Google Search) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]

CHR Extension: (Rescroller) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod [2014-05-20]

CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-05-20]

CHR Extension: (AdBlock) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-20]

CHR Extension: (Google Keep - notes and lists) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-05-20]

CHR Extension: (Web Navigation) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja [2014-05-19]

CHR Extension: (Twitch Now) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2014-05-20]

CHR Extension: (Google Wallet) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19]

CHR Extension: (Gmail) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-17]

CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-05-17]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]

R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-06-11] (Macrovision Europe Ltd.) [File not signed]

S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-05-17] () [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-06] (Atheros Communications, Inc.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems)

S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43104 2013-10-10] (IVT Corporation.)

R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-07] (AnchorFree Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-09] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-07] (Anchorfree Inc.)

S3 ZD1211BU(TP-LINK); C:\Windows\System32\DRIVERS\zd1211Bu.sys [602880 2009-01-05] (Atheros Technology Corporation)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-09 19:45 - 2014-07-09 19:45 - 00000000 ____D () C:\Users\asus\Downloads\FRST-OlderVersion

2014-07-09 13:19 - 2014-07-09 13:19 - 02347384 _____ (ESET) C:\Users\asus\Downloads\esetsmartinstaller_enu.exe

2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-09 12:57 - 2014-07-09 12:57 - 00000000 ___RD () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2014-07-09 12:54 - 2014-07-09 12:54 - 00000000 ____H () C:\ProgramData\cm-lock

2014-07-09 12:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-09 12:37 - 2014-07-09 12:52 - 00000000 ____D () C:\AdwCleaner

2014-07-09 12:36 - 2014-07-09 12:36 - 01348263 _____ () C:\Users\asus\Downloads\AdwCleaner.exe

2014-07-09 12:35 - 2014-07-09 19:44 - 00000000 ____D () C:\Users\asus\Desktop\scans

2014-07-09 12:35 - 2014-07-09 12:35 - 00001756 _____ () C:\Users\asus\Desktop\JRT.txt

2014-07-09 12:23 - 2014-07-09 12:23 - 00000000 ____D () C:\Windows\ERUNT

2014-07-09 12:20 - 2014-07-09 12:21 - 01016261 _____ (Thisisu) C:\Users\asus\Downloads\JRT.exe

2014-07-07 06:18 - 2014-07-07 06:18 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2014-07-05 21:29 - 2014-07-05 21:29 - 00000000 ____D () C:\Users\Guest\Documents\My Games

2014-07-05 20:47 - 2014-07-05 20:47 - 00000284 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts.sfl

2014-07-05 20:33 - 2014-07-05 20:47 - 375570432 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts

2014-07-05 20:01 - 2014-07-05 20:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NVIDIA

2014-07-05 19:57 - 2014-07-05 19:57 - 00000028 _____ () C:\Users\Guest\Desktop\SDE.avi.sfl

2014-07-05 19:41 - 2014-07-05 19:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\MPC-HC

2014-07-05 19:39 - 2014-07-05 19:39 - 00000036 _____ () C:\Users\Guest\Desktop\Martha SDE.avi.sfl

2014-07-05 17:31 - 2014-07-05 17:31 - 00000000 ____D () C:\Users\Guest\AppData\Local\proDAD_GmbH

2014-07-05 10:16 - 2014-07-05 10:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps

2014-07-05 09:57 - 2014-07-06 01:05 - 00000158 _____ () C:\Users\Guest\AppData\Roaming\default.rss

2014-07-05 09:56 - 2014-07-05 19:59 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc

2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Nero

2014-07-05 09:56 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Nero

2014-07-05 09:55 - 2014-07-05 20:53 - 00000000 ____D () C:\Users\Guest\Desktop\Martha

2014-07-04 22:28 - 2014-07-04 22:28 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Publish Providers

2014-07-04 22:27 - 2014-07-04 22:27 - 00001062 _____ () C:\Users\Guest\Desktop\Vegas Pro 10.0 (64-bit).lnk

2014-07-04 22:27 - 2014-07-04 22:27 - 00000000 ____D () C:\Users\Guest\AppData\Local\Sony

2014-07-04 21:59 - 2014-07-04 21:59 - 00000000 ____D () C:\Users\asus\Documents\fkl-setup

2014-07-04 21:58 - 2014-07-04 21:58 - 00275888 _____ () C:\Users\asus\Documents\fkl-setup.zip

2014-07-04 12:53 - 2014-07-04 12:53 - 00006730 _____ () C:\Users\asus\Desktop\RKreport_SCN_07042014_125245.log

2014-07-04 12:46 - 2014-07-04 12:46 - 05283416 _____ () C:\Users\asus\Downloads\RogueKillerX64.exe

2014-07-04 12:41 - 2014-07-04 12:41 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-04 12:40 - 2014-07-04 12:41 - 04721240 _____ () C:\Users\asus\Downloads\RogueKiller.exe

2014-07-04 12:16 - 2014-07-04 12:17 - 00031049 _____ () C:\Users\asus\Downloads\Addition.txt

2014-07-04 12:15 - 2014-07-09 19:46 - 00020837 _____ () C:\Users\asus\Downloads\FRST.txt

2014-07-04 12:12 - 2014-07-09 19:46 - 00000000 ____D () C:\FRST

2014-07-04 12:09 - 2014-07-09 19:45 - 02084352 _____ (Farbar) C:\Users\asus\Downloads\FRST64.exe

2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla

2014-07-04 11:43 - 2014-07-04 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla

2014-07-03 22:44 - 2014-07-03 22:44 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Publish Providers

2014-07-03 22:41 - 2014-07-03 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\ProgramData\Sony

2014-07-03 22:40 - 2014-07-03 22:40 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-07-03 22:29 - 2014-07-03 22:40 - 00000000 ____D () C:\Program Files\Sony

2014-07-03 22:20 - 2014-07-03 22:44 - 00002696 _____ () C:\Users\asus\Documents\Register Vegas Pro.htm

2014-07-03 22:15 - 2014-07-03 22:15 - 00000000 ____D () C:\Users\asus\AppData\Local\Sony

2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\Users\asus\AppData\Local\proDAD_GmbH

2014-07-03 22:13 - 2014-07-03 22:13 - 00000000 ____D () C:\ProgramData\proDAD

2014-07-03 22:11 - 2014-07-03 22:44 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Sony

2014-07-03 22:10 - 2014-07-03 22:10 - 00001110 _____ () C:\Users\Public\Desktop\Mercalli 3.0.lnk

2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Users\asus\AppData\Roaming\proDAD

2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD

2014-07-03 22:10 - 2014-07-03 22:10 - 00000000 ____D () C:\Program Files\proDAD

2014-07-03 22:09 - 2014-07-03 22:22 - 00000000 ____D () C:\Users\asus\Documents\New folder (2)

2014-07-03 22:08 - 2014-07-04 22:28 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Sony

2014-07-03 22:08 - 2014-07-04 11:16 - 00000000 ____D () C:\Users\Guest\Desktop\x64

2014-07-03 22:08 - 2011-01-27 02:57 - 00002844 _____ () C:\Users\Guest\Desktop\INSTRUCTIONS.txt

2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\Desktop\proDAD Mercalli 3.0.215.1 Standalone (Win32-64) Serial [ChingLiu]

2014-07-03 22:07 - 2014-07-03 22:07 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WinRAR

2014-07-03 22:07 - 2014-07-03 21:08 - 396390718 ____R () C:\Users\Guest\Desktop\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ].rar

2014-07-03 22:07 - 2011-01-27 03:01 - 00000000 ____D () C:\Users\Guest\Desktop\x32

2014-07-03 20:39 - 2014-07-05 23:06 - 00000000 ____D () C:\Users\Guest\Documents\Youcam

2014-07-03 20:39 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\CyberLink

2014-07-03 20:38 - 2014-07-04 22:27 - 00000000 ____D () C:\Users\Guest\Documents\Bluetooth Folder

2014-07-03 20:38 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Greenshot

2014-07-03 20:38 - 2014-07-03 20:38 - 00117592 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-03 20:38 - 2014-07-03 20:38 - 00001443 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-07-03 20:38 - 2014-07-03 20:38 - 00001409 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Zbshareware Lab

2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\Greenshot

2014-07-03 20:38 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\BMExplorer

2014-07-03 20:37 - 2014-07-03 20:38 - 00000000 ____D () C:\Users\Guest

2014-07-03 20:37 - 2014-07-03 20:37 - 00000020 ___SH () C:\Users\Guest\ntuser.ini

2014-07-03 20:37 - 2009-07-14 12:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-03 20:37 - 2009-07-14 12:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-02 11:25 - 2014-07-02 11:25 - 00016500 _____ () C:\Users\asus\Downloads\[kickass.to]super.8.2011.720p.brrip.x264.mp4.multisubs.aac.cc.torrent

2014-06-30 11:43 - 2014-06-30 11:43 - 00013780 _____ () C:\Users\asus\Desktop\com.supercell.clashofclans.cfg - Shortcut.lnk

2014-06-30 07:57 - 2014-06-30 07:57 - 00000000 ____D () C:\Users\asus\AppData\Roaming\NVIDIA

2014-06-29 21:58 - 2014-06-29 21:58 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk

2014-06-29 21:58 - 2014-06-29 21:58 - 00001780 _____ () C:\Users\Public\Desktop\Apps.lnk

2014-06-29 21:57 - 2014-06-29 21:58 - 00000000 ____D () C:\ProgramData\BlueStacks

2014-06-29 21:57 - 2014-06-29 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks

2014-06-29 21:57 - 2014-06-29 21:57 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2014-06-29 21:56 - 2014-06-29 21:56 - 00000000 ____D () C:\Users\asus\AppData\Local\Bluestacks

2014-06-29 21:51 - 2014-06-29 21:55 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native_b.exe

2014-06-28 13:00 - 2014-06-28 13:00 - 00056797 _____ () C:\Users\asus\Downloads\[kickass.to]the.haunting.in.connecticut.2.ghosts.of.georgia.2013.french.dvdrip.xvid.tmb.torrent

2014-06-27 20:47 - 2014-06-27 20:47 - 00003467 _____ () C:\Windows\SysWOW64\collectionCache.bnk

2014-06-27 13:21 - 2014-06-27 21:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-06-27 13:21 - 2014-06-27 13:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-06-27 13:21 - 2014-06-27 13:21 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-06-27 13:21 - 2014-06-27 13:21 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-06-27 13:21 - 2014-06-27 13:21 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-06-27 13:21 - 2014-06-27 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-06-27 13:21 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-06-27 13:00 - 2014-06-27 13:03 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\asus\Downloads\spybot-2.3.exe

2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\SysWOW64\NV

2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\Windows\system32\NV

2014-06-27 07:50 - 2014-06-27 07:50 - 00000967 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

2014-06-27 07:50 - 2014-06-27 07:50 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

2014-06-27 07:43 - 2014-06-27 07:46 - 29256752 _____ (TeamSpeak Systems GmbH) C:\Users\asus\Downloads\TeamSpeak3-Client-win64-3.0.15.exe

2014-06-26 20:43 - 2014-06-26 20:44 - 00002046 _____ () C:\Users\asus\Desktop\OSRS.lnk

2014-06-26 20:41 - 2014-06-26 20:41 - 00002076 _____ () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk

2014-06-26 20:41 - 2014-06-26 20:41 - 00002046 _____ () C:\Users\asus\Desktop\RuneScape.lnk

2014-06-26 20:41 - 2014-06-26 20:41 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape

2014-06-26 20:39 - 2014-06-29 20:11 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-06-26 20:39 - 2014-06-26 20:40 - 23805952 _____ () C:\Users\asus\Downloads\RuneScape (1).msi

2014-06-26 20:28 - 2014-06-29 21:56 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

2014-06-26 20:24 - 2014-06-26 20:28 - 12851944 _____ (BlueStack Systems Inc.) C:\Users\asus\Downloads\BlueStacks-SplitInstaller_native.exe

2014-06-26 19:15 - 2014-06-26 19:16 - 01653168 _____ () C:\Users\asus\Desktop\Orion.exe

2014-06-26 19:13 - 2014-06-30 21:06 - 00000000 ____D () C:\Users\asus\jagexcache

2014-06-26 19:06 - 2014-06-26 19:11 - 00000000 ____D () C:\Users\asus\Orion

2014-06-23 19:35 - 2014-06-23 19:35 - 00002984 _____ () C:\Windows\System32\Tasks\ATKOSD2

2014-06-23 19:35 - 2014-06-23 19:35 - 00000000 ____D () C:\Program Files (x86)\ASUS

2014-06-23 19:30 - 2014-06-23 19:30 - 00001250 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk

2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes

2014-06-23 19:29 - 2014-06-23 19:29 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes

2014-06-23 19:28 - 2014-06-23 19:29 - 01640984 _____ () C:\Users\asus\Downloads\SetupVirtualCloneDrive5470.exe

2014-06-23 15:08 - 2014-06-23 15:08 - 00000290 _____ () C:\Users\asus\Documents\vpn kali.txt

2014-06-23 13:30 - 2014-06-23 13:30 - 10432166 _____ () C:\Users\asus\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.10-93012.vbox-extpack

2014-06-23 13:25 - 2014-06-23 13:25 - 00000000 ____D () C:\Users\asus\VirtualBox VMs

2014-06-22 11:05 - 2014-06-22 11:05 - 00025017 _____ () C:\Users\asus\Downloads\[kickass.to]farcry.3.black.box.silvertorrent.torrent

2014-06-21 04:46 - 2014-06-21 04:46 - 00020122 _____ () C:\Users\asus\Downloads\[kickass.to]game.of.thrones.the.complete.season.4.hdtv.torrent

2014-06-20 20:13 - 2014-06-20 20:13 - 00004292 _____ () C:\STF711D.tmp

2014-06-20 20:00 - 2014-06-20 20:00 - 00004292 _____ () C:\STF9465.tmp

2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\Documents\Square Enix

2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\asus\AppData\Local\SKIDROW

2014-06-20 11:11 - 2014-06-20 11:11 - 00002088 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Client Utility.lnk

2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK

2014-06-20 11:11 - 2014-06-20 11:11 - 00000000 ____D () C:\Program Files (x86)\TP-LINK

2014-06-20 11:11 - 2009-01-05 14:54 - 00602880 _____ (Atheros Technology Corporation) C:\Windows\system32\Drivers\ZD1211BU.sys

2014-06-20 11:11 - 2009-01-05 14:54 - 00499712 _____ (Atheros Technology Corporation) C:\Windows\SysWOW64\ZD11BUME.SYS

2014-06-20 11:11 - 2009-01-05 14:54 - 00499712 _____ (Atheros Technology Corporation) C:\Windows\SysWOW64\ZD11BU98.SYS

2014-06-20 11:11 - 2009-01-05 14:54 - 00081920 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\ZDPN50.DLL

2014-06-20 11:11 - 2009-01-05 14:54 - 00031744 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\ZDPSp50a64.sys

2014-06-20 11:11 - 2009-01-05 14:54 - 00031744 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\ZDPSp50a64.sys

2014-06-20 11:11 - 2009-01-05 14:54 - 00029184 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\BRGSp50a64.sys

2014-06-20 11:11 - 2009-01-05 14:54 - 00029184 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\BRGSp50a64.sys

2014-06-20 11:11 - 2009-01-05 14:54 - 00028672 _____ () C:\Windows\SysWOW64\InsDrvZD.dll

2014-06-20 11:11 - 2009-01-05 14:54 - 00024576 _____ () C:\Windows\SysWOW64\ZyDelReg.exe

2014-06-20 11:11 - 2009-01-05 14:54 - 00020608 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\BRGSp50.sys

2014-06-20 11:11 - 2009-01-05 14:54 - 00019524 _____ () C:\Windows\SysWOW64\BRGSp31.VXD

2014-06-20 11:11 - 2009-01-05 14:54 - 00017664 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\ZDPSp50.sys

2014-06-20 11:11 - 2009-01-05 14:54 - 00017151 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\ZDPNDIS5.SYS

2014-06-20 11:11 - 2009-01-05 14:54 - 00015941 _____ () C:\Windows\SysWOW64\ZDPNDIS3.VXD

2014-06-20 11:11 - 2009-01-05 14:54 - 00015872 _____ () C:\Windows\SysWOW64\InsDrvZD64.DLL

2014-06-20 11:11 - 2009-01-05 14:54 - 00015872 _____ () C:\Windows\system32\InsDrvZD64.dll

2014-06-20 11:11 - 2009-01-05 14:54 - 00015428 _____ () C:\Windows\SysWOW64\ZDPSp31.VXD

2014-06-20 11:11 - 2007-06-25 20:29 - 00499712 _____ (Atheros Technology Corporation) C:\Windows\SysWOW64\ZD11BU.SYS

2014-06-20 11:10 - 2009-03-18 15:34 - 00000000 ____D () C:\Users\asus\Documents\Win98_ME_2K_XP_X64

2014-06-20 11:10 - 2009-03-18 15:34 - 00000000 ____D () C:\Users\asus\Documents\Vista

2014-06-20 11:09 - 2014-06-20 11:10 - 06876733 _____ () C:\Users\asus\Documents\2009319153528.zip

2014-06-20 11:00 - 2014-06-20 11:00 - 00225888 _____ (NirSoft) C:\Users\asus\Desktop\c.exe

2014-06-20 11:00 - 2014-06-20 11:00 - 00090720 _____ (NirSoft) C:\Users\asus\Desktop\f.exe

2014-06-20 11:00 - 2014-06-20 11:00 - 00051200 _____ (NirSoft) C:\Users\asus\Desktop\i.exe

2014-06-20 11:00 - 2014-06-20 11:00 - 00000136 _____ () C:\Users\asus\Desktop\launch.bat

2014-06-19 14:05 - 2014-06-19 14:11 - 00000000 ____D () C:\Users\asus\Documents\USB files

2014-06-19 13:52 - 2014-06-20 12:11 - 00000000 ____D () C:\Users\asus\Desktop\POW

2014-06-13 12:02 - 2014-06-13 12:02 - 00034563 _____ () C:\Users\asus\energy-report.html

2014-06-11 21:35 - 2014-06-11 21:36 - 00000841 _____ () C:\Users\asus\Downloads\[kickass.to]just.cause.2.savegame.100.torrent

2014-06-11 21:28 - 2014-06-11 21:28 - 00001432 _____ () C:\Users\asus\Desktop\Play Just Cause 2.lnk

2014-06-11 21:18 - 2014-06-11 21:18 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk

2014-06-11 21:16 - 2014-06-11 21:16 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2014-06-11 21:15 - 2014-06-11 21:15 - 00001223 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk

2014-06-11 21:13 - 2014-06-11 21:13 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk

2014-06-11 21:13 - 2014-06-11 21:13 - 00001192 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk

2014-06-11 21:11 - 2014-06-11 21:11 - 00000000 ____D () C:\Windows\SysWOW64\spool

2014-06-11 21:10 - 2014-06-11 21:10 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk

2014-06-11 21:10 - 2014-06-11 21:10 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

==================== One Month Modified Files and Folders =======

2014-07-09 19:46 - 2014-07-04 12:15 - 00020837 _____ () C:\Users\asus\Downloads\FRST.txt

2014-07-09 19:46 - 2014-07-04 12:12 - 00000000 ____D () C:\FRST

2014-07-09 19:45 - 2014-07-09 19:45 - 00000000 ____D () C:\Users\asus\Downloads\FRST-OlderVersion

2014-07-09 19:45 - 2014-07-04 12:09 - 02084352 _____ (Farbar) C:\Users\asus\Downloads\FRST64.exe

2014-07-09 19:44 - 2014-07-09 12:35 - 00000000 ____D () C:\Users\asus\Desktop\scans

2014-07-09 19:22 - 2014-05-19 20:47 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000UA.job

2014-07-09 19:22 - 2014-05-19 20:47 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1210325367-195732664-3179361299-1000Core.job

2014-07-09 18:42 - 2014-05-20 18:16 - 00000000 ____D () C:\Users\asus\AppData\Roaming\Spotify

2014-07-09 18:09 - 2014-05-20 09:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-09 15:48 - 2014-06-06 19:30 - 00000000 ____D () C:\Users\asus\Documents\Greenshot

2014-07-09 14:23 - 2014-05-18 04:37 - 01567834 _____ () C:\Windows\WindowsUpdate.log

2014-07-09 14:19 - 2014-06-03 17:43 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-07-09 14:12 - 2014-05-20 18:13 - 00000043 _____ () C:\Users\asus\jagex_cl_oldschool_LIVE.dat

2014-07-09 13:19 - 2014-07-09 13:19 - 02347384 _____ (ESET) C:\Users\asus\Downloads\esetsmartinstaller_enu.exe

2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-09 12:58 - 2014-06-01 16:32 - 00000000 ____D () C:\Users\asus\Documents\Youcam

2014-07-09 12:57 - 2014-07-09 12:57 - 00000000 ___RD () C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2014-07-09 12:54 - 2014-07-09 12:54 - 00000000 ____H () C:\ProgramData\cm-lock

2014-07-09 12:54 - 2010-11-21 11:47 - 00043112 _____ () C:\Windows\PFRO.log

2014-07-09 12:54 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-09 12:54 - 2009-07-14 12:51 - 00062045 _____ () C:\Windows\setupact.log

2014-07-09 12:52 - 2014-07-09 12:37 - 00000000 ____D () C:\AdwCleaner

2014-07-09 12:36 - 2014-07-09 12:36 - 01348263 _____ () C:\Users\asus\Downloads\AdwCleaner.exe

2014-07-09 12:35 - 2014-07-09 12:35 - 00001756 _____ () C:\Users\asus\Desktop\JRT.txt

2014-07-09 12:23 - 2014-07-09 12:23 - 00000000 ____D () C:\Windows\ERUNT

2014-07-09 12:22 - 2014-05-21 22:35 - 00000024 _____ () C:\Users\asus\jagexappletviewer.preferences

2014-07-09 12:21 - 2014-07-09 12:20 - 01016261 _____ (Thisisu) C:\Users\asus\Downloads\JRT.exe

2014-07-08 11:54 - 2014-05-20 18:23 - 00000000 ____D () C:\Users\asus\AppData\Local\Spotify

2014-07-08 00:26 - 2009-07-14 12:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-08 00:26 - 2009-07-14 12:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-07 06:46 - 2014-05-24 15:54 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2014-07-07 06:46 - 2014-05-24 15:54 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk

2014-07-07 06:18 - 2014-07-07 06:18 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2014-07-06 20:06 - 2014-05-20 03:43 - 00000000 ____D () C:\Users\asus\AppData\Roaming\vlc

2014-07-06 12:59 - 2014-05-17 15:58 - 00052843 _____ () C:\Windows\DirectX.log

2014-07-06 11:48 - 2014-05-17 15:08 - 00000000 ____D () C:\Users\asus\Documents\Bluetooth Folder

2014-07-06 01:05 - 2014-07-05 09:57 - 00000158 _____ () C:\Users\Guest\AppData\Roaming\default.rss

2014-07-05 23:16 - 2009-07-14 13:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-05 23:06 - 2014-07-03 20:39 - 00000000 ____D () C:\Users\Guest\Documents\Youcam

2014-07-05 21:29 - 2014-07-05 21:29 - 00000000 ____D () C:\Users\Guest\Documents\My Games

2014-07-05 20:53 - 2014-07-05 09:55 - 00000000 ____D () C:\Users\Guest\Desktop\Martha

2014-07-05 20:47 - 2014-07-05 20:47 - 00000284 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts.sfl

2014-07-05 20:47 - 2014-07-05 20:33 - 375570432 _____ () C:\Users\Guest\Desktop\SDE Final.m2ts

2014-07-05 20:01 - 2014-07-05 20:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NVIDIA

2014-07-05 19:59 - 2014-07-05 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc