RNxSupaStar Posted July 15, 2014 ID:853239 Share Posted July 15, 2014 I need and I have already read how to post for help so here you go.FRST.txt:Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01Ran by MRTNxHILL (administrator) on MRTNXHILL-PC on 15-07-2014 17:54:30Running from C:\Users\MRTNxHILL\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Webroot) C:\Program Files\Webroot\WRSA.exe(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdvserv.exe( ) C:\Windows\System32\lxdvcoms.exe() C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe(Webroot) C:\Program Files\Webroot\WRSA.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe() C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe() C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe() C:\Program Files (x86)\AVG Secure Search\vprot.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe(ASUS) C:\Windows\AsScrPro.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-10-04] (Trend Micro Inc.)HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)HKLM\...\Run: [lxdvmon.exe] => C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe [455336 2007-11-02] ()HKLM\...\Run: [lxdvamon] => C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe [25256 2007-11-02] ()HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-03-06] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [766040 2014-06-13] (Webroot)HKLM-x32\...\Run: [Lexmark X5400 Series] => C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe [307880 2007-11-02] ()HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2571288 2014-06-25] ()HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exeHKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"HKU\S-1-5-21-2389733265-3962132501-2217828593-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-06-29] (Electronic Arts)HKU\S-1-5-21-2389733265-3962132501-2217828593-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\MRTNxHILL\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m lHKU\S-1-5-21-2389733265-3962132501-2217828593-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)HKU\S-1-5-21-2389733265-3962132501-2217828593-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)HKU\S-1-5-21-2389733265-3962132501-2217828593-1000\...\Run: [backgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\MRTNxHILL\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTIONStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnkShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnkShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnkShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=282369&fr=spigot-yhp-ieHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.comURLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No FileURLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)SearchScopes: HKLM-x32 - DefaultScope {1D75CBF6-E1B0-424C-A971-EAA6C4DFEC6C} URL = SearchScopes: HKCU - DefaultScope {1D75CBF6-E1B0-424C-A971-EAA6C4DFEC6C} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M60B2D986-0C84-4431-9CCA-CC5F051CAF83&SearchSource=58&CUI=&UM=2&UP=SP9EFA7280-6650-4629-A092-6D97C7EDCF44&q={searchTerms}&SSPV=SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {078AD3A3-754C-4647-9AC9-6785CBF92CB7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}SearchScopes: HKCU - {1D3220FC-A5A8-4847-83F3-8A9C61BFA01E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=DE82D9A8-D5AA-4ECC-B25E-FE8DD51712BB&apn_sauid=839478C8-C4BA-4E62-952D-5D3C0923E89BSearchScopes: HKCU - {1D75CBF6-E1B0-424C-A971-EAA6C4DFEC6C} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M60B2D986-0C84-4431-9CCA-CC5F051CAF83&SearchSource=58&CUI=&UM=2&UP=SP9EFA7280-6650-4629-A092-6D97C7EDCF44&q={searchTerms}&SSPV=SearchScopes: HKCU - {7FB50EAE-D607-4848-8E01-F3A6D6C98D2D} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E83E726E-48B8-43BD-849A-DCECF906B86D}&mid=b6bb5030385047d08a46c1f60ecff627-707021ce4dbc630d0278fad6fc5e925bfacf3d3e〈=en&ds=st011&pr=sa&d=2012-09-24 10:09:19&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}BHO: Privacy Safeguard BHO -> {1036AD63-AEAC-460B-9060-C96005D4DC86} -> C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll ()BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No FileBHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: No Name -> {1036AD63-AEAC-460B-9060-C96005D4DC86} -> No FileBHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)BHO-x32: Privacy Safeguard BHO -> {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} -> C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll ()BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll ()Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No FileToolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll ()Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No FileToolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No FileToolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileFF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No FileFF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextensionFF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-03-06]FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextensionFF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-03-06]FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 Chrome: =======CHR HomePage: CHR NewTab: "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No FileCHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Default Plug-in) - default_plugin No FileCHR Extension: (Entanglement Web App) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2012-09-23]CHR Extension: (Theme Creator) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2012-09-23]CHR Extension: (Word Search Puzzle) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2014-01-13]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]CHR Extension: (Frat Boy Beer Pong) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldnejoajcpmegfmelnfikdlnnpclaoi [2012-11-14]CHR Extension: (Fun Switcher) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2012-09-23]CHR Extension: (AdBlock) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-12]CHR Extension: (New Tab Redirect) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-04-30]CHR Extension: (Nike Theme 2.0) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplhpmojnbohfmhjgccigdofgbkahaca [2014-02-02]CHR Extension: (Poppit) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-09-23]CHR Extension: (Google Dictionary (by Google)) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2012-09-23]CHR Extension: (Google Wallet) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]CHR Extension: (Flow Colors) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2012-11-14]CHR Extension: (Gmail) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx [2012-08-31]CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\MRTNxHILL\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-31]CHR HKCU\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\MRTNxHILL\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-12-12]CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\MRTNxHILL\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2013-12-12]CHR HKLM-x32\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx [2012-08-31]CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\MRTNxHILL\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-12-12]CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-15]CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)R2 lxdvCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe [33448 2007-10-18] (Lexmark International, Inc.)R2 lxdv_device; C:\Windows\system32\lxdvcoms.exe [1044136 2007-10-18] ( )R2 lxdv_device; C:\Windows\SysWOW64\lxdvcoms.exe [594600 2007-10-18] ( )S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)R2 SupraSavingsService64; C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-06-25] (AVG Secure Search)R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [766040 2014-06-13] (Webroot)S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X] ==================== Drivers (Whitelisted) ==================== R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-07] (Windows ® Win 7 DDK provider)R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-25] (AVG Technologies)R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-11] (Trend Micro Inc.)R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-11] (Trend Micro Inc.)R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-11] (Trend Micro Inc.)R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-06-13] (Webroot) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-15 17:54 - 2014-07-15 17:55 - 00033434 _____ () C:\Users\MRTNxHILL\Downloads\FRST.txt2014-07-15 17:54 - 2014-07-15 17:54 - 00000000 ____D () C:\FRST2014-07-15 17:53 - 2014-07-15 17:53 - 02086912 _____ (Farbar) C:\Users\MRTNxHILL\Downloads\FRST64.exe2014-07-06 18:22 - 2014-07-15 17:42 - 00000000 ____D () C:\Program Files\SupraSavings2014-06-27 19:34 - 2014-06-27 19:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-27 19:34 - 2014-06-27 19:34 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-27 19:34 - 2014-06-27 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-27 19:33 - 2014-06-27 19:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-27 19:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-06-27 19:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-06-27 19:26 - 2014-06-27 19:26 - 00032659 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]geto.boys.discography.320.10.albums.rap.by.dragan09.torrent2014-06-27 19:25 - 2014-06-27 19:25 - 00032659 _____ () C:\Users\MRTNxHILL\Downloads\F7C8.tmp2014-06-26 17:56 - 2014-06-26 17:56 - 00000000 ____D () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B502014-06-18 22:31 - 2014-06-18 22:31 - 00012500 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]method.man.tical.1994.320.kbps.torrent2014-06-16 22:52 - 2014-06-16 22:52 - 00017045 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]the.cool.kids.when.fish.ride.bicycles.2011.mp3ville.torrent2014-06-16 22:33 - 2014-06-16 22:33 - 00046830 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]busta.rhymes.discography.320.16albums.rap.by.dragan09.torrent2014-06-16 22:10 - 2014-06-16 22:10 - 00094673 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]krs.one.bdp.discography.320.28.albums.rap.by.dragan09.torrent2014-06-16 22:04 - 2014-06-16 22:04 - 00017842 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]slum.village.fantastic.vol.2.torrent ==================== One Month Modified Files and Folders ======= 2014-07-15 17:55 - 2014-07-15 17:54 - 00033434 _____ () C:\Users\MRTNxHILL\Downloads\FRST.txt2014-07-15 17:54 - 2014-07-15 17:54 - 00000000 ____D () C:\FRST2014-07-15 17:54 - 2012-08-28 18:36 - 00000000 ____D () C:\ProgramData\WRData2014-07-15 17:53 - 2014-07-15 17:53 - 02086912 _____ (Farbar) C:\Users\MRTNxHILL\Downloads\FRST64.exe2014-07-15 17:52 - 2012-08-31 12:03 - 00000000 ____D () C:\Users\MRTNxHILL\AppData\Roaming\uTorrent2014-07-15 17:51 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-15 17:51 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-15 17:49 - 2012-12-03 22:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-07-15 17:49 - 2012-05-30 05:50 - 01468989 _____ () C:\Windows\WindowsUpdate.log2014-07-15 17:42 - 2014-07-06 18:22 - 00000000 ____D () C:\Program Files\SupraSavings2014-07-15 17:42 - 2012-03-06 06:49 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-15 17:35 - 2012-03-06 06:49 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-15 17:34 - 2012-08-28 04:57 - 00000380 _____ () C:\Users\MRTNxHILL\AppData\Roaming\sp_data.sys2014-07-15 17:34 - 2012-05-30 05:58 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job2014-07-11 21:48 - 2012-08-28 21:44 - 00000000 ____D () C:\ProgramData\Lx_cats2014-07-08 20:05 - 2012-12-03 22:38 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-08 20:05 - 2012-12-03 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 20:05 - 2012-12-03 22:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-06 18:49 - 2012-08-28 21:39 - 00000000 ____D () C:\Program Files (x86)\Steam2014-07-06 18:27 - 2013-12-24 01:07 - 00000000 ____D () C:\Users\MRTNxHILL\AppData\Roaming\newnext.me2014-07-06 18:26 - 2013-10-30 14:06 - 00000000 ____D () C:\Program Files (x86)\Origin2014-07-06 18:26 - 2013-06-11 18:14 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job2014-07-06 18:26 - 2013-06-05 16:11 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2014-07-06 18:26 - 2012-05-30 05:58 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job2014-07-06 18:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-06 18:25 - 2009-07-14 00:51 - 00083185 _____ () C:\Windows\setupact.log2014-07-06 18:21 - 2012-03-06 06:27 - 00237698 _____ () C:\Windows\PFRO.log2014-07-05 20:00 - 2013-09-09 17:23 - 00000000 ____D () C:\Windows\system32\MRT2014-07-05 19:58 - 2012-09-04 08:49 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-05 19:57 - 2012-08-28 18:13 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-05 19:55 - 2014-05-11 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-06-29 23:06 - 2013-10-30 14:08 - 00000000 ____D () C:\ProgramData\Origin2014-06-29 14:49 - 2012-05-30 06:04 - 00001860 _____ () C:\Windows\system32\ServiceFilter.ini2014-06-27 21:53 - 2014-04-28 17:05 - 00000000 ____D () C:\Program Files\0032014-06-27 20:33 - 2014-04-27 15:15 - 00000000 ____D () C:\ProgramData\AVG Secure Search2014-06-27 20:33 - 2012-09-24 10:09 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search2014-06-27 19:36 - 2014-06-27 19:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-27 19:34 - 2014-06-27 19:34 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-27 19:34 - 2014-06-27 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-27 19:34 - 2014-06-27 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-27 19:34 - 2014-01-13 06:03 - 00000000 ____D () C:\Users\MRTNxHILL\AppData\Roaming\Malwarebytes2014-06-27 19:33 - 2014-01-13 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-06-27 19:33 - 2014-01-13 06:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-06-27 19:26 - 2014-06-27 19:26 - 00032659 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]geto.boys.discography.320.10.albums.rap.by.dragan09.torrent2014-06-27 19:25 - 2014-06-27 19:25 - 00032659 _____ () C:\Users\MRTNxHILL\Downloads\F7C8.tmp2014-06-26 17:56 - 2014-06-26 17:56 - 00000000 ____D () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B502014-06-25 23:46 - 2012-09-24 10:09 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys2014-06-24 19:20 - 2009-07-14 01:13 - 00798054 _____ () C:\Windows\system32\PerfStringBackup.INI2014-06-24 18:54 - 2012-03-06 06:49 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-06-24 18:54 - 2012-03-06 06:49 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-06-18 22:31 - 2014-06-18 22:31 - 00012500 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]method.man.tical.1994.320.kbps.torrent2014-06-16 22:52 - 2014-06-16 22:52 - 00017045 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]the.cool.kids.when.fish.ride.bicycles.2011.mp3ville.torrent2014-06-16 22:33 - 2014-06-16 22:33 - 00046830 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]busta.rhymes.discography.320.16albums.rap.by.dragan09.torrent2014-06-16 22:12 - 2013-10-11 21:10 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-06-16 22:10 - 2014-06-16 22:10 - 00094673 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]krs.one.bdp.discography.320.28.albums.rap.by.dragan09.torrent2014-06-16 22:04 - 2014-06-16 22:04 - 00017842 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]slum.village.fantastic.vol.2.torrent Some content of TEMP:====================C:\Users\MRTNxHILL\AppData\Local\Temp\6_Offer_15.exeC:\Users\MRTNxHILL\AppData\Local\Temp\AVG.exeC:\Users\MRTNxHILL\AppData\Local\Temp\avguidx.dllC:\Users\MRTNxHILL\AppData\Local\Temp\BackupSetup.exeC:\Users\MRTNxHILL\AppData\Local\Temp\burnsetup.exeC:\Users\MRTNxHILL\AppData\Local\Temp\CommonInstaller.exeC:\Users\MRTNxHILL\AppData\Local\Temp\contentDATs.exeC:\Users\MRTNxHILL\AppData\Local\Temp\dlLogic.exeC:\Users\MRTNxHILL\AppData\Local\Temp\dltr.exeC:\Users\MRTNxHILL\AppData\Local\Temp\DownloadManager.exeC:\Users\MRTNxHILL\AppData\Local\Temp\exthelper.exeC:\Users\MRTNxHILL\AppData\Local\Temp\GCVerifier.dllC:\Users\MRTNxHILL\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\MRTNxHILL\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\MRTNxHILL\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exeC:\Users\MRTNxHILL\AppData\Local\Temp\MachineIdCreator.exeC:\Users\MRTNxHILL\AppData\Local\Temp\Mobogenie_Setup_US.exeC:\Users\MRTNxHILL\AppData\Local\Temp\mpsetup.exeC:\Users\MRTNxHILL\AppData\Local\Temp\mssinstaller.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsf7D0E.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsk3066.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsk608B.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nskF68.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsl8D2B.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nso8F48.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsoB38B.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsqE6BC.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsqF694.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsv18D4.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsz2F81.exeC:\Users\MRTNxHILL\AppData\Local\Temp\nsz4218.exeC:\Users\MRTNxHILL\AppData\Local\Temp\oi_{4828F5E0-1160-4C47-AE8F-7EAB7CC4B11E}.exeC:\Users\MRTNxHILL\AppData\Local\Temp\ose00000.exeC:\Users\MRTNxHILL\AppData\Local\Temp\RegClean10.exeC:\Users\MRTNxHILL\AppData\Local\Temp\ripsetup.exeC:\Users\MRTNxHILL\AppData\Local\Temp\SearchProtectINT.exeC:\Users\MRTNxHILL\AppData\Local\Temp\SearchProtectionSetup.exeC:\Users\MRTNxHILL\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\MRTNxHILL\AppData\Local\Temp\setup-Jutera_US_pscombined-bunndle-cb-1.1-x86x64_20120808.exeC:\Users\MRTNxHILL\AppData\Local\Temp\setup.exeC:\Users\MRTNxHILL\AppData\Local\Temp\SPSetup.exeC:\Users\MRTNxHILL\AppData\Local\Temp\switchsetup.exeC:\Users\MRTNxHILL\AppData\Local\Temp\tbConn.dllC:\Users\MRTNxHILL\AppData\Local\Temp\tbedrs.dllC:\Users\MRTNxHILL\AppData\Local\Temp\ToolbarInstaller.exeC:\Users\MRTNxHILL\AppData\Local\Temp\utt281C.tmp.exeC:\Users\MRTNxHILL\AppData\Local\Temp\utt4B5B.tmp.exeC:\Users\MRTNxHILL\AppData\Local\Temp\uttC514.tmp.exeC:\Users\MRTNxHILL\AppData\Local\Temp\uttC968.tmp.exeC:\Users\MRTNxHILL\AppData\Local\Temp\verifier.exeC:\Users\MRTNxHILL\AppData\Local\Temp\wpsetup.exeC:\Users\MRTNxHILL\AppData\Local\Temp\WRupdate-428516306.exeC:\Users\MRTNxHILL\AppData\Local\Temp\{AFFC373F-9EA9-4604-88DD-668DB11AA89D}-28.0.1500.95_28.0.1500.72_chrome_updater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-27 21:28 ==================== End Of Log ============================ Addition.txt:Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01Ran by MRTNxHILL at 2014-07-15 17:55:51Running from C:\Users\MRTNxHILL\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}AV: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}AS: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)ASUS K5 Series ScreenSaver (HKLM-x32\...\ASUS K5 Series ScreenSaver) (Version: 1.0.0002 - ASUS)ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS)ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.7.644 - AVG Technologies)Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) HiddenCyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) HiddenCyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDarkest Hour: Europe '44-'45 (HKLM-x32\...\Steam App 1280) (Version: - Darkest Hour Team)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGalería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGalerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGarry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenHotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.1.10 - ASUS)Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenKatawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)Killing Floor Mod: Defence Alliance 2 (HKLM-x32\...\Steam App 35420) (Version: - )Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)Lexmark X5400 Series (HKLM\...\Lexmark X5400 Series) (Version: - Lexmark International, Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Mare Nostrum (HKLM-x32\...\Steam App 1230) (Version: - Sandstorm Productions)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenOpenAL (HKLM-x32\...\OpenAL) (Version: - )Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)Privacy SafeGuard version 1.1 (HKLM\...\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1) (Version: 1.1 - Privacy SafeGuard)Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)Red Orchestra 2: Heroes of Stalingrad (HKLM-x32\...\Steam App 35450) (Version: - Tripwire)Red Orchestra: Ostfront 41-45 (HKLM-x32\...\Steam App 1200) (Version: - Tripwire Interactive)SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.11 - ASUS)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSkype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)Slice Audio File Splitter (HKLM-x32\...\Slice) (Version: - NCH Software)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - )Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)Trend Micro Titanium (Version: 5.00 - Trend Micro Inc.) HiddenTrend Micro Titanium Internet Security 2012 (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 5.0 - Trend Micro Inc.)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)uTorrentControl_v2 Toolbar (HKLM-x32\...\uTorrentControl_v2 Toolbar) (Version: 6.9.0.16 - uTorrentControl_v2) <==== ATTENTIONWebroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.84 - Webroot)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Restore Points ========================= 24-05-2014 07:00:21 Windows Update25-05-2014 03:30:16 Windows Update15-06-2014 03:19:49 Windows Update05-07-2014 23:20:11 Removed YTD Toolbar v9.4.05-07-2014 23:23:55 Removed YTD Toolbar v9.4.05-07-2014 23:55:10 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {03481314-0D56-4EA1-8187-8F544F93BADC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06] (Google Inc.)Task: {0883A27C-858A-48BC-97FE-56AF1A8765FB} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)Task: {0FE70065-BEB1-4E26-8511-CFFCAB8DA87D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)Task: {1282D92A-748E-48C9-934C-7815B284B898} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)Task: {147663BE-D1A1-4090-B92C-63297523897A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)Task: {3DCE16FB-2876-4DFE-9B7D-E75D3A37D74D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)Task: {4A49A795-CA35-4D53-91BB-BF016D91294B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06] (Google Inc.)Task: {50CD89E5-C209-41C3-8F28-75047C126F98} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{E721F325-9223-4FB6-897B-D5566BE0129E}.exeTask: {5CCFB8A9-1481-402B-821A-2DE1CE5B1A72} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)Task: {77D600D5-7A49-42DA-977C-550C2ADCA3AF} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{9AC2F05A-BA82-48AA-8410-648640D74F7C}.exeTask: {7E8D1A6B-2241-4F9A-B49C-F0460368260D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)Task: {804428FE-3EBA-49D8-95AC-B152A4446086} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\MRTNxHILL\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTIONTask: {80DB0A95-0BE7-4208-9957-DF3565F80C8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)Task: {810EFC09-22D3-42C9-B32C-6F39A6E05027} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)Task: {96573818-62EB-42B2-8DEA-FD924B2A1F56} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS)Task: {D6F880B7-D5E4-4501-B367-1B3D9728C29B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{E721F325-9223-4FB6-897B-D5566BE0129E}.exeTask: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{9AC2F05A-BA82-48AA-8410-648640D74F7C}.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exeTask: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-28 21:39 - 2007-09-24 21:03 - 00045568 _____ () C:\Windows\System32\LXDVPMON.DLL2012-08-28 21:38 - 2007-08-14 03:17 - 00069632 _____ () C:\Windows\System32\LXDVOEM.DLL2012-08-28 21:38 - 2007-09-24 20:53 - 00081408 _____ () C:\Program Files (x86)\Lexmark X5400 Series\ipcmt64.dll2012-08-28 21:41 - 2007-05-02 23:43 - 00138240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdvdrpp.dll2007-05-16 00:50 - 2007-05-16 00:50 - 01389568 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdvptpc.dll2007-05-02 23:45 - 2007-05-02 23:45 - 00182272 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdvdrui.dll2007-05-02 23:42 - 2007-05-02 23:42 - 00214016 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdvdr.dll2007-10-01 18:19 - 2007-10-01 18:19 - 01682944 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdvHPEC.DLL2007-07-20 07:32 - 2007-07-20 07:32 - 00193024 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdvdatr.dll2012-05-30 05:58 - 2011-12-16 14:02 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe2007-08-10 15:51 - 2007-08-10 15:51 - 00025088 _____ () C:\Windows\system32\lxdvcaps.dll2014-06-25 13:58 - 2014-06-25 13:58 - 00172544 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe2014-06-12 15:05 - 2014-06-12 15:05 - 00110080 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\nfapi.dll2014-06-12 15:05 - 2014-06-12 15:05 - 00456192 _____ () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\ProtocolFilters.dll2014-06-27 20:33 - 2014-06-25 23:46 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll2012-08-28 21:37 - 2007-11-02 04:38 - 00455336 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe2012-08-28 21:37 - 2007-11-02 04:38 - 00025256 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe2012-09-24 10:09 - 2014-06-25 23:46 - 02571288 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe2012-03-06 06:59 - 2011-08-02 16:45 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll2012-03-06 06:59 - 2011-08-02 16:45 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll2012-03-11 23:28 - 2012-02-22 03:18 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll2011-12-14 19:18 - 2011-12-14 19:18 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-06-27 20:33 - 2014-06-25 23:46 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll2012-08-28 21:37 - 2007-09-06 16:38 - 00278528 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvscw.dll2012-08-28 21:37 - 2007-07-20 07:30 - 00188416 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvdatr.dll2012-08-28 21:37 - 2006-12-28 11:47 - 00073728 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvcats.dll2012-08-28 21:37 - 2007-09-06 16:40 - 00692224 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvDRS.dll2012-08-28 21:37 - 2007-08-10 15:49 - 00065536 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvcaps.dll2012-08-28 21:37 - 2007-07-16 13:53 - 00069632 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvcnv4.dll2012-08-28 21:37 - 2007-10-08 04:59 - 00028672 _____ () C:\Program Files (x86)\Lexmark X5400 Series\App4R.Monitor.Common.dll2012-08-28 21:37 - 2007-10-08 04:59 - 00036864 _____ () C:\Program Files (x86)\Lexmark X5400 Series\App4R.Monitor.Core.dll2012-08-28 21:37 - 2007-10-08 04:58 - 00057344 _____ () C:\Program Files (x86)\Lexmark X5400 Series\app4r.devmons.mcmdevmon.dll2012-08-28 21:37 - 2007-08-10 02:12 - 00011776 _____ () C:\Program Files (x86)\Lexmark X5400 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll2014-01-31 22:22 - 2014-06-29 14:52 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll2014-01-31 22:22 - 2014-06-29 14:52 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll2014-01-31 22:22 - 2014-06-29 14:52 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll2014-01-31 22:22 - 2014-06-29 14:52 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll2014-01-31 22:22 - 2014-06-29 14:52 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll2014-01-31 22:22 - 2014-06-29 14:52 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll2014-01-31 22:22 - 2014-06-29 14:52 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll2014-01-31 22:22 - 2014-06-29 14:52 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll2012-01-31 12:25 - 2012-01-31 12:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll2012-02-06 22:32 - 2012-02-06 22:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll2010-08-20 12:57 - 2010-08-20 12:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll2010-08-20 12:57 - 2010-08-20 12:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll2012-05-30 05:58 - 2011-12-16 13:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2011-08-15 23:12 - 2011-08-15 23:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll2011-08-15 23:15 - 2011-08-15 23:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll2011-08-17 19:41 - 2011-08-17 19:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll2011-08-17 19:48 - 2011-08-17 19:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll2011-11-25 16:29 - 2011-11-25 16:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll2011-08-15 23:12 - 2011-08-15 23:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll2011-08-17 19:48 - 2011-08-17 19:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll2011-08-15 22:23 - 2011-08-15 22:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll2011-11-25 16:28 - 2011-11-25 16:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll2011-11-25 16:42 - 2011-11-25 16:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll2011-11-25 16:26 - 2011-11-25 16:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll2011-07-19 19:05 - 2011-07-19 19:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll2011-07-19 19:04 - 2011-07-19 19:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll2011-08-15 23:17 - 2011-08-15 23:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll2014-06-16 22:12 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll2014-06-16 22:12 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll2014-06-16 22:12 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll2014-06-16 22:12 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll2014-06-16 22:12 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll2014-06-16 22:12 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll2014-07-15 17:45 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exeMSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exeMSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/15/2014 05:34:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 60666121 Error: (07/15/2014 05:34:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 60666121 Error: (07/15/2014 05:34:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/15/2014 00:43:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 21590 Error: (07/15/2014 00:43:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 21590 Error: (07/15/2014 00:43:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/15/2014 00:43:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 20514 Error: (07/15/2014 00:43:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 20514 Error: (07/15/2014 00:43:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/15/2014 00:43:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 19484 System errors:=============Error: (07/06/2014 06:33:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (07/06/2014 06:33:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (07/06/2014 06:24:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)Description: CBS Client initialization failed. Last error: 0x8007045b Error: (07/06/2014 06:23:06 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)Description: CBS Client initialization failed. Last error: 0x8007045b Error: (07/05/2014 07:54:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/05/2014 07:24:03 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (06/27/2014 09:52:34 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (06/27/2014 08:46:45 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {F25AF245-4A81-40DC-92F9-E9021F207706} Error: (06/27/2014 08:34:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The vToolbarUpdater18.1.7 service failed to start due to the following error: %%1053 Error: (06/27/2014 08:34:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the vToolbarUpdater18.1.7 service to connect. Microsoft Office Sessions:=========================Error: (07/15/2014 05:34:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 60666121 Error: (07/15/2014 05:34:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 60666121 Error: (07/15/2014 05:34:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/15/2014 00:43:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 21590 Error: (07/15/2014 00:43:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 21590 Error: (07/15/2014 00:43:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/15/2014 00:43:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 20514 Error: (07/15/2014 00:43:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 20514 Error: (07/15/2014 00:43:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/15/2014 00:43:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 19484 ==================== Memory info =========================== Percentage of memory in use: 59%Total physical RAM: 3981.91 MBAvailable physical RAM: 1599.99 MBTotal Pagefile: 7962.01 MBAvailable Pagefile: 5078.23 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:440.44 GB) (Free:243.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 527CD163) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted July 15, 2014 ID:853251 Share Posted July 15, 2014 Hi & My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please uninstall some programs:Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.Search and select the following programs one by one and click on Uninstall:uTorrentControl_v2 ToolbarReboot your computer.Step 2Please download AdwCleaner (by Xplode) and save it to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select "Run As Administrator"Click on the Scan button.After the scan has finished, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.Step 3Download zoek.exe to your desktopIf Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.Using Zoek.exeOn the Desktop, double-click Zoek.exe to start the tool.Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.Give the program a few seconds to appear.Copy and paste the following script in the code box:Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.FFdefaults;CHRdefaults;iedefaults;emptyclsid;autoclean;Click the "Run script" button and wait patiently.When finished the logfile will be opened in notepad.If a reboot is needed the logfile will be opened after reboot.The zoek-results.log can also be found on your systemdrive.Please post the logfile for further review in your next comment.Step 4Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
RNxSupaStar Posted July 16, 2014 Author ID:853347 Share Posted July 16, 2014 AdwCleaner:# AdwCleaner v3.215 - Report created 15/07/2014 at 19:41:05# Updated 09/07/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : MRTNxHILL - MRTNXHILL-PC# Running from : C:\Users\MRTNxHILL\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** Service Deleted : SupraSavingsService64Service Deleted : vToolbarUpdater18.1.7 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apnFolder Deleted : C:\ProgramData\AskFolder Deleted : C:\ProgramData\AVG Secure SearchFolder Deleted : C:\ProgramData\ConduitFolder Deleted : C:\ProgramData\NCH SoftwareFolder Deleted : C:\Program Files (x86)\AVG Secure SearchFolder Deleted : C:\Program Files (x86)\ConduitFolder Deleted : C:\Program Files (x86)\GreenTree ApplicationsFolder Deleted : C:\Program Files (x86)\MobogenieFolder Deleted : C:\Program Files (x86)\MyPC BackupFolder Deleted : C:\Program Files (x86)\NCH SoftwareFolder Deleted : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Program Files (x86)\Common Files\SpigotFolder Deleted : C:\Windows\SysWOW64\SearchProtectFolder Deleted : C:\Program Files\003Folder Deleted : C:\Program Files\SupraSavingsFolder Deleted : C:\Users\MRTNxHILL\AppData\Local\AVG Secure SearchFolder Deleted : C:\Users\MRTNxHILL\AppData\Local\ConduitFolder Deleted : C:\Users\MRTNxHILL\AppData\Local\genienextFolder Deleted : C:\Users\MRTNxHILL\AppData\Local\MobogenieFolder Deleted : C:\Users\MRTNxHILL\AppData\Local\NativeMessagingFolder Deleted : C:\Users\MRTNxHILL\AppData\Local\Slick SavingsFolder Deleted : C:\Users\MRTNXH~1\AppData\Local\Temp\apnFolder Deleted : C:\Users\MRTNXH~1\AppData\Local\Temp\NativeMessagingFolder Deleted : C:\Users\MRTNxHILL\AppData\LocalLow\AVG Secure SearchFolder Deleted : C:\Users\MRTNxHILL\AppData\LocalLow\ConduitFolder Deleted : C:\Users\MRTNxHILL\AppData\Roaming\newnext.meFolder Deleted : C:\Users\MRTNxHILL\AppData\Roaming\SystweakFolder Deleted : C:\Users\MRTNxHILL\Documents\MobogenieFolder Deleted : C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmnaFile Deleted : C:\ENDFile Deleted : C:\Windows\System32\roboot64.exeFile Deleted : C:\Users\MRTNxHILL\daemonprocess.txtFile Deleted : C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorageFile Deleted : C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journalFile Deleted : C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorageFile Deleted : C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journalFile Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmddaKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmddaKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocjKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpoojKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkkKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocppValue Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPIKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObjKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWndKey Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocolKey Deleted : HKLM\SOFTWARE\Classes\SKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAddValue Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\1ClickDownloadKey Deleted : HKCU\Software\AVG Secure SearchKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\SmartBarKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\CrossriderKey Deleted : HKCU\Software\AppDataLow\Software\Search SettingsKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\AppDataLow\Software\Supra SavingsKey Deleted : HKLM\Software\AVG Secure SearchKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\suprasavingsKey Deleted : HKLM\Software\systweakKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure SearchKey Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcherKey Deleted : [x64] HKLM\SOFTWARE\Supra SavingsKey Deleted : [x64] HKLM\SOFTWARE\suprasavings ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : aaaaojmikegpiepcfdkkjaplodkpfmloDeleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmddaDeleted [Extension] : hbcennhacfaagdopikcegfcobcadeocjDeleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpoojDeleted [Extension] : icpgjfneehieebagbmdbhnlpiopdcmnaDeleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkkDeleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblofDeleted [Extension] : pfndaklgolladniicklehhancnlgocpp ************************* AdwCleaner[R0].txt - [14582 octets] - [15/07/2014 19:38:50]AdwCleaner[s0].txt - [14376 octets] - [15/07/2014 19:41:05] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14437 octets] ########## Zoek:Zoek.exe v5.0.0.0 Updated 15-07-2014Tool run by MRTNxHILL on Tue 07/15/2014 at 19:58:26.66.Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\MRTNxHILL\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 7/15/2014 8:08:38 PM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{078AD3A3-754C-4647-9AC9-6785CBF92CB7} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1D3220FC-A5A8-4847-83F3-8A9C61BFA01E} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1D75CBF6-E1B0-424C-A971-EAA6C4DFEC6C} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7FB50EAE-D607-4848-8E01-F3A6D6C98D2D} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1036AD63-AEAC-460B-9060-C96005D4DC86} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1036AD63-AEAC-460B-9060-C96005D4DC86} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{7473B6BD-4691-4744-A82B-7854EB3D70B6} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{1036AD63-AEAC-460B-9060-C96005D4DC86} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110511131190} deleted successfullyHKEY_USERS\S-1-5-21-2389733265-3962132501-2217828593-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\MRTNxHILL\.android deletedC:\search.sqlite deletedC:\PROGRA~3\SPL59F6.tmp deletedC:\Users\MRTNxHILL\AppData\Local\CRE deletedC:\Users\MRTNxHILL\AppData\Local\cache deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deletedC:\Users\MRTNxHILL\Searches deletedC:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deletedC:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deletedC:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deletedC:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job deletedC:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv deletedC:\prefs.js deletedC:\Windows\SysNative\config\systemprofile\Searches deleted"C:\Windows\Installer\5ed64.msi" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension" [03/06/2012 07:00 AM] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsgeggofhlfbcmanadhknllmlajiafopoh - C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx[07/18/2012 01:42 AM]lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[04/11/2014 07:46 PM]lipgolpfajiadodbcbljdpmbmbdmfcil - C:\Users\MRTNxHILL\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx[]okfhiodnpcnnnpgbjbhfebjnbagmfhab - C:\ProgramData\WRData\pkg\lpchrome.crx[12/03/2012 10:14 PM] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensionslipgolpfajiadodbcbljdpmbmbdmfcil - C:\Users\MRTNxHILL\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx[] Theme Creator - MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffcWord Search - MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnlGoogle Voice Search Hotword (Beta) - MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfnAdBlock - MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidomNike Theme 2.0 - MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplhpmojnbohfmhjgccigdofgbkahacaPoppit - MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmiGoogle Dictionary (by Google) - MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcojaFlow Colors - MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk ==== Chrome Fix ====================== C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage deleted successfullyC:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal deleted successfullyC:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfullyC:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal deleted successfullyC:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_broadband-search.com_0.localstorage deleted successfullyC:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_broadband-search.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]No DefaultScope Set For HKCU New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil deleted successfullyHKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\MRTNxHILL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\MRTNxHILL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\MRTNxHILL\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=131 folders=28 5585100 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\MRTNxHILL\AppData\Local\Temp will be emptied at rebootC:\Users\TEMP\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at rebootC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\MRTNXH~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on Tue 07/15/2014 at 23:27:19.71 ====================== Link to post Share on other sites More sharing options...
RNxSupaStar Posted July 16, 2014 Author ID:853348 Share Posted July 16, 2014 FRST:Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01Ran by MRTNxHILL (administrator) on MRTNXHILL-PC on 15-07-2014 23:34:46Running from C:\Users\MRTNxHILL\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Webroot) C:\Program Files\Webroot\WRSA.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdvserv.exe( ) C:\Windows\System32\lxdvcoms.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe(Webroot) C:\Program Files\Webroot\WRSA.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe(ASUS) C:\Windows\AsScrPro.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe() C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe() C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-10-04] (Trend Micro Inc.)HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)HKLM\...\Run: [lxdvmon.exe] => C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe [455336 2007-11-02] ()HKLM\...\Run: [lxdvamon] => C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe [25256 2007-11-02] ()HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-03-06] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [766040 2014-06-13] (Webroot)HKLM-x32\...\Run: [Lexmark X5400 Series] => C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe [307880 2007-11-02] ()HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"HKU\S-1-5-21-2389733265-3962132501-2217828593-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-06-29] (Electronic Arts)HKU\S-1-5-21-2389733265-3962132501-2217828593-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)HKU\S-1-5-21-2389733265-3962132501-2217828593-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnkShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnkShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnkShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.comSearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll ()BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Privacy Safeguard BHO -> {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} -> C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll ()BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll ()Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll ()Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileFF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextensionFF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-03-06]FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextensionFF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-03-06] Chrome: =======CHR Extension: (Entanglement Web App) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2012-09-23]CHR Extension: (Theme Creator) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2012-09-23]CHR Extension: (Word Search Puzzle) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2014-01-13]CHR Extension: (Google Docs) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-15]CHR Extension: (Google Drive) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-15]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]CHR Extension: (Frat Boy Beer Pong) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldnejoajcpmegfmelnfikdlnnpclaoi [2012-11-14]CHR Extension: (YouTube) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-15]CHR Extension: (Google Search) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-15]CHR Extension: (Fun Switcher) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2012-09-23]CHR Extension: (AdBlock) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-12]CHR Extension: (Nike Theme 2.0) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplhpmojnbohfmhjgccigdofgbkahaca [2014-02-02]CHR Extension: (Skype Click to Call) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-15]CHR Extension: (Poppit) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-09-23]CHR Extension: (Google Dictionary (by Google)) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2012-09-23]CHR Extension: (Google Wallet) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]CHR Extension: (Webroot) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-07-15]CHR Extension: (Flow Colors) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2012-11-14]CHR Extension: (Gmail) - C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx [2012-08-31]CHR HKLM-x32\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx [2012-08-31]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-15]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)R2 lxdvCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe [33448 2007-10-18] (Lexmark International, Inc.)R2 lxdv_device; C:\Windows\system32\lxdvcoms.exe [1044136 2007-10-18] ( )R2 lxdv_device; C:\Windows\SysWOW64\lxdvcoms.exe [594600 2007-10-18] ( )S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [766040 2014-06-13] (Webroot)S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X] ==================== Drivers (Whitelisted) ==================== R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-07] (Windows ® Win 7 DDK provider)R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-25] (AVG Technologies)R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-11] (Trend Micro Inc.)R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-11] (Trend Micro Inc.)R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-11] (Trend Micro Inc.)R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-06-13] (Webroot) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-15 23:23 - 2014-07-15 19:57 - 00024064 _____ () C:\Windows\zoek-delete.exe2014-07-15 20:08 - 2014-07-15 23:27 - 00011745 _____ () C:\zoek-results.log2014-07-15 19:57 - 2014-07-15 23:25 - 00000000 ____D () C:\zoek_backup2014-07-15 19:57 - 2014-07-15 19:57 - 01287168 _____ () C:\Users\MRTNxHILL\Downloads\zoek.exe2014-07-15 19:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-07-15 19:38 - 2014-07-15 19:47 - 00000000 ____D () C:\AdwCleaner2014-07-15 19:31 - 2014-07-15 19:31 - 01348263 _____ () C:\Users\MRTNxHILL\Downloads\AdwCleaner.exe2014-07-15 17:55 - 2014-07-15 17:57 - 00043583 _____ () C:\Users\MRTNxHILL\Downloads\Addition.txt2014-07-15 17:54 - 2014-07-15 23:34 - 00024718 _____ () C:\Users\MRTNxHILL\Downloads\FRST.txt2014-07-15 17:54 - 2014-07-15 23:34 - 00000000 ____D () C:\FRST2014-07-15 17:53 - 2014-07-15 17:53 - 02086912 _____ (Farbar) C:\Users\MRTNxHILL\Downloads\FRST64.exe2014-06-27 19:34 - 2014-06-27 19:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-27 19:34 - 2014-06-27 19:34 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-27 19:34 - 2014-06-27 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-27 19:33 - 2014-06-27 19:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-27 19:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-06-27 19:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-06-27 19:26 - 2014-06-27 19:26 - 00032659 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]geto.boys.discography.320.10.albums.rap.by.dragan09.torrent2014-06-27 19:25 - 2014-06-27 19:25 - 00032659 _____ () C:\Users\MRTNxHILL\Downloads\F7C8.tmp2014-06-26 17:56 - 2014-06-26 17:56 - 00000000 ____D () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B502014-06-18 22:31 - 2014-06-18 22:31 - 00012500 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]method.man.tical.1994.320.kbps.torrent2014-06-16 22:52 - 2014-06-16 22:52 - 00017045 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]the.cool.kids.when.fish.ride.bicycles.2011.mp3ville.torrent2014-06-16 22:33 - 2014-06-16 22:33 - 00046830 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]busta.rhymes.discography.320.16albums.rap.by.dragan09.torrent2014-06-16 22:10 - 2014-06-16 22:10 - 00094673 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]krs.one.bdp.discography.320.28.albums.rap.by.dragan09.torrent2014-06-16 22:04 - 2014-06-16 22:04 - 00017842 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]slum.village.fantastic.vol.2.torrent ==================== One Month Modified Files and Folders ======= 2014-07-15 23:35 - 2014-07-15 17:54 - 00024718 _____ () C:\Users\MRTNxHILL\Downloads\FRST.txt2014-07-15 23:34 - 2014-07-15 17:54 - 00000000 ____D () C:\FRST2014-07-15 23:34 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-15 23:34 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-15 23:30 - 2013-10-30 14:08 - 00000000 ____D () C:\ProgramData\Origin2014-07-15 23:27 - 2014-07-15 20:08 - 00011745 _____ () C:\zoek-results.log2014-07-15 23:27 - 2013-10-30 14:06 - 00000000 ____D () C:\Program Files (x86)\Origin2014-07-15 23:26 - 2012-08-28 18:36 - 00000000 ____D () C:\ProgramData\WRData2014-07-15 23:26 - 2012-08-28 04:57 - 00000380 _____ () C:\Users\MRTNxHILL\AppData\Roaming\sp_data.sys2014-07-15 23:25 - 2014-07-15 19:57 - 00000000 ____D () C:\zoek_backup2014-07-15 23:25 - 2012-05-30 05:58 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job2014-07-15 23:25 - 2012-03-06 06:49 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-15 23:25 - 2012-03-06 06:27 - 00238350 _____ () C:\Windows\PFRO.log2014-07-15 23:25 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-15 23:25 - 2009-07-14 00:51 - 00083353 _____ () C:\Windows\setupact.log2014-07-15 23:24 - 2012-05-30 05:50 - 01504088 _____ () C:\Windows\WindowsUpdate.log2014-07-15 22:59 - 2012-03-06 06:49 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-15 22:49 - 2012-12-03 22:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-07-15 22:03 - 2012-08-28 04:55 - 00000000 ____D () C:\Users\MRTNxHILL2014-07-15 19:57 - 2014-07-15 23:23 - 00024064 _____ () C:\Windows\zoek-delete.exe2014-07-15 19:57 - 2014-07-15 19:57 - 01287168 _____ () C:\Users\MRTNxHILL\Downloads\zoek.exe2014-07-15 19:47 - 2014-07-15 19:38 - 00000000 ____D () C:\AdwCleaner2014-07-15 19:31 - 2014-07-15 19:31 - 01348263 _____ () C:\Users\MRTNxHILL\Downloads\AdwCleaner.exe2014-07-15 17:57 - 2014-07-15 17:55 - 00043583 _____ () C:\Users\MRTNxHILL\Downloads\Addition.txt2014-07-15 17:53 - 2014-07-15 17:53 - 02086912 _____ (Farbar) C:\Users\MRTNxHILL\Downloads\FRST64.exe2014-07-15 17:52 - 2012-08-31 12:03 - 00000000 ____D () C:\Users\MRTNxHILL\AppData\Roaming\uTorrent2014-07-15 17:34 - 2012-05-30 05:58 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job2014-07-11 21:48 - 2012-08-28 21:44 - 00000000 ____D () C:\ProgramData\Lx_cats2014-07-08 20:05 - 2012-12-03 22:38 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-08 20:05 - 2012-12-03 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 20:05 - 2012-12-03 22:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-06 18:49 - 2012-08-28 21:39 - 00000000 ____D () C:\Program Files (x86)\Steam2014-07-05 20:00 - 2013-09-09 17:23 - 00000000 ____D () C:\Windows\system32\MRT2014-07-05 19:58 - 2012-09-04 08:49 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-05 19:57 - 2012-08-28 18:13 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-05 19:55 - 2014-05-11 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-06-29 14:49 - 2012-05-30 06:04 - 00001860 _____ () C:\Windows\system32\ServiceFilter.ini2014-06-27 19:36 - 2014-06-27 19:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-27 19:34 - 2014-06-27 19:34 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-27 19:34 - 2014-06-27 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-27 19:34 - 2014-06-27 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-27 19:34 - 2014-01-13 06:03 - 00000000 ____D () C:\Users\MRTNxHILL\AppData\Roaming\Malwarebytes2014-06-27 19:33 - 2014-01-13 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-06-27 19:33 - 2014-01-13 06:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-06-27 19:26 - 2014-06-27 19:26 - 00032659 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]geto.boys.discography.320.10.albums.rap.by.dragan09.torrent2014-06-27 19:25 - 2014-06-27 19:25 - 00032659 _____ () C:\Users\MRTNxHILL\Downloads\F7C8.tmp2014-06-26 17:56 - 2014-06-26 17:56 - 00000000 ____D () C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B502014-06-25 23:46 - 2012-09-24 10:09 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys2014-06-24 19:20 - 2009-07-14 01:13 - 00798054 _____ () C:\Windows\system32\PerfStringBackup.INI2014-06-24 18:54 - 2012-03-06 06:49 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-06-24 18:54 - 2012-03-06 06:49 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-06-18 22:31 - 2014-06-18 22:31 - 00012500 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]method.man.tical.1994.320.kbps.torrent2014-06-16 22:52 - 2014-06-16 22:52 - 00017045 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]the.cool.kids.when.fish.ride.bicycles.2011.mp3ville.torrent2014-06-16 22:33 - 2014-06-16 22:33 - 00046830 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]busta.rhymes.discography.320.16albums.rap.by.dragan09.torrent2014-06-16 22:12 - 2013-10-11 21:10 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-06-16 22:10 - 2014-06-16 22:10 - 00094673 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]krs.one.bdp.discography.320.28.albums.rap.by.dragan09.torrent2014-06-16 22:04 - 2014-06-16 22:04 - 00017842 _____ () C:\Users\MRTNxHILL\Downloads\[kickass.to]slum.village.fantastic.vol.2.torrent ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-27 21:28 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted July 16, 2014 ID:853485 Share Posted July 16, 2014 Hi,you did a great job!Step 1Scan with Malwarebytes AntimalwarePlease update the database by clicking on the "Update Now" button.Following the update and click "Settings" and go to "Detection and Protection"Make sure "Scan for Rootkits" is checked.Click on Dashboard, then click on Scan Now to start the scan.(If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)A window with an option to view the detailed log will appear. Click on "View Detailed Log".After viewing the results, please click on the "Copy to Clipboard" button and then OK.Return to our forum. Paste your log into your next reply.Step 2Please download the ESET Online Scanner and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start esetsmartinstaller_enu.exe with administartor privileges.Select the option Yes, I accept the Terms of Use and click on Start.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick on Start. The virus signature database will begin to download. This may take some time.When completed the Online Scan will begin automatically.Note: This scan might take a long time! Please be patient.When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!Now click on FinishA log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.Copy and paste the content of this log file in your next reply.Note: Do not forget to re-enable your antivirus application after running the above scan!Can you please tell me which problems still persist now? Link to post Share on other sites More sharing options...
RNxSupaStar Posted July 16, 2014 Author ID:853640 Share Posted July 16, 2014 MalwareBytes:Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/16/2014Scan Time: 12:34:58 PMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.16.05Rootkit Database: v2014.07.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: MRTNxHILL Scan Type: Threat ScanResult: CompletedObjects Scanned: 324833Time Elapsed: 18 min, 40 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: WarnPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 3PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [1460613e6c0f2a0c44aa14c160a2758b], PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [472d693624574aec3335924d25dd23dd], PUP.Optional.SuperFish.A, HKU\S-1-5-21-2389733265-3962132501-2217828593-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [2153eeb17308f2441aeac3fe09f91de3], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 1PUP.Optional.SupRaSavings.A, C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50, Quarantined, [a7cd3867f784072fbb488f2d0bf7c739], Files: 14PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarantined, [95dfdcc354276bcb0685f449946c5ba5], PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [472d653a037888ae755836526d97c739], PUP.Optional.MyEmoticons.A, C:\Users\MRTNxHILL\Downloads\YTDSetup.exe, Quarantined, [83f1f8a72259f14587e288d7e71a08f8], PUP.Optional.OneClickDownloader.A, C:\Users\MRTNxHILL\Downloads\Tyler,_The_Creator_Goblin_(Deluxe_Edition)_-_iPlus.exe, Quarantined, [aec63d62285373c3c1ca67b26998e917], PUP.Optional.LiveLyrics.A, C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [54208a152853d2647d457f4de919a35d], PUP.Optional.LiveLyrics.A, C:\Users\MRTNxHILL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [0c683f607efdbf774b77f1db3ec4ba46], PUP.Optional.SupRaSavings.A, C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\64.ico, Quarantined, [a7cd3867f784072fbb488f2d0bf7c739], PUP.Optional.SupRaSavings.A, C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\libeay32.dll, Quarantined, [a7cd3867f784072fbb488f2d0bf7c739], PUP.Optional.SupRaSavings.A, C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\nfapi.dll, Quarantined, [a7cd3867f784072fbb488f2d0bf7c739], PUP.Optional.SupRaSavings.A, C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\nfregdrv.exe, Quarantined, [a7cd3867f784072fbb488f2d0bf7c739], PUP.Optional.SupRaSavings.A, C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\ProtocolFilters.dll, Quarantined, [a7cd3867f784072fbb488f2d0bf7c739], PUP.Optional.SupRaSavings.A, C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\ssleay32.dll, Quarantined, [a7cd3867f784072fbb488f2d0bf7c739], PUP.Optional.SupRaSavings.A, C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\SupraSavingsService64.exe, Quarantined, [a7cd3867f784072fbb488f2d0bf7c739], PUP.Optional.SupRaSavings.A, C:\Program Files (x86)\A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50\uninstall_l.exe, Quarantined, [a7cd3867f784072fbb488f2d0bf7c739], Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
deeprybka Posted July 16, 2014 ID:853741 Share Posted July 16, 2014 OK, and if finished the ESET-Log please... Link to post Share on other sites More sharing options...
RNxSupaStar Posted July 16, 2014 Author ID:853759 Share Posted July 16, 2014 EsetOS:C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\MRTNxHILL\AppData\Local\Conduit\Chrome\CT3306061\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\MRTNxHILL\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\MRTNxHILL\AppData\Local\NativeMessaging\CT3306061\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\MRTNxHILL\AppData\Local\Temp\NativeMessaging\CT3306061.crx.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\MRTNxHILL\AppData\Local\Temp\NativeMessaging\CT3306061\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\MRTNxHILL\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted applicationC:\Program Files (x86)\NCH Swift Sound\Slice\slice.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted applicationC:\Program Files (x86)\NCH Swift Sound\Slice\slicesetup_v2.00.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted applicationC:\Program Files (x86)\NCH Swift Sound\Slice\uninst.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted applicationC:\Users\MRTNxHILL\Downloads\cbsidlm-cbsi145-Free_Flac_to_MP3-SEO-75758784.exe a variant of Win32/CNETInstaller.B potentially unwanted applicationC:\Users\MRTNxHILL\Downloads\slicesetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted applicationC:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted applicationC:\zoek_backup\C_Users_MRTNxHILL_AppData_Local_CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx a variant of Win32/Toolbar.Conduit.AA potentially unwanted application Link to post Share on other sites More sharing options...
deeprybka Posted July 16, 2014 ID:853764 Share Posted July 16, 2014 Can you please tell me which problems still persist now? Link to post Share on other sites More sharing options...
RNxSupaStar Posted July 16, 2014 Author ID:853777 Share Posted July 16, 2014 I dont think there are any problems any more, thank you. Link to post Share on other sites More sharing options...
deeprybka Posted July 16, 2014 ID:853781 Share Posted July 16, 2014 Once again... Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from. Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 27, 2014 Root Admin ID:858470 Share Posted July 27, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts