
Removal of Fundata and Funacce folder help needed!



Hello and welcome.

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...


Thank you!! This is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Wesley (administrator) on WESLEY on 21-09-2014 21:14:05
Running from C:\Users\Wesley\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [btTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-12] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-29880558-42785158-1016828536-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-29880558-42785158-1016828536-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-29880558-42785158-1016828536-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-29880558-42785158-1016828536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-29880558-42785158-1016828536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-29880558-42785158-1016828536-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: FunOverlay -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\MogulKahn.dll (Funshion)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoIaXKwFZQup7jnfz4efo1ypocm3zWgqykkm4FGs1u1IWYRgj-23qXulDyCdDdNz7isIgHrLITky0vUayJ5RC1wUv9rePotnRf14dHArFxPF5NMW4BluSHPT_2tgq0ZlQfzfsWuPglMBEblxHlRu05Ly7DMYwuMh8Qc,
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=n11099-244&apn_uid=4914311320704201&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=n11099-244&apn_uid=4914311320704201&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {B029F876-2C67-4BCC-AACA-66916A893E39} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {31B33E44-F140-4F30-9509-A7F1285C9BCB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^SG&apn_uid=0FF07265-69B7-479D-98B2-7F91F883EE87&apn_sauid=0A6CA36E-079E-4FA8-92F7-2196F202B379
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=n11099-244&apn_uid=4914311320704201&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {B029F876-2C67-4BCC-AACA-66916A893E39} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Wesley\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\user.js
FF SearchPlugin: C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\searchplugins\yahoo_ff.xml
FF Extension: save on - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\6bneoeyuei@civqdzrqs.net [2014-05-31]
FF Extension: SNT - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\l.ovis@ieao-b.net [2014-05-31]
FF Extension: YoutubeAdblocker - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\w_yuy@vmkvfcdwl.com [2014-05-31]
FF Extension: MEGA - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\firefox@mega.co.nz.xpi [2014-05-31]
FF Extension: Adblock Plus - C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-13]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-03-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> 5E661AB35B92ABF06B6329321C3F15569B7CDEB92CB61C13C06EAE1701355C7A
CHR DefaultSearchKeyword: Default -> 41C6AF1AA520A614B481640D0AE91E3BA1602B89156D586E97EB45526B4B6D28
CHR DefaultSearchURL: Default -> 28B1C3B40164110D1F8F5AA51265FAD6262AA567CBC21D2D85074B373F648D29
CHR Profile: C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (avast! Online Security) - C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-11] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5635016 2013-06-25] (INCA Internet Co., Ltd.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]
S2 FunshionSvr; C:\Users\Wesley\funshion\funshiontools\FunshionSvr.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-11] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-11-01] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X]
U0 msahci; No ImagePath
U2 TMAgent; No ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 21:14 - 2014-09-21 21:15 - 00021044 _____ () C:\Users\Wesley\Downloads\FRST.txt
2014-09-21 21:13 - 2014-09-21 21:14 - 00000000 ____D () C:\FRST
2014-09-21 21:12 - 2014-09-21 21:12 - 02105856 _____ (Farbar) C:\Users\Wesley\Downloads\FRST64.exe
2014-09-21 16:58 - 2014-09-21 16:58 - 01097728 _____ (Farbar) C:\Users\Wesley\Downloads\FRST.exe
2014-09-20 04:42 - 2014-09-20 04:42 - 00000186 _____ () C:\Users\Wesley\Desktop\cc_20140920_044215.reg
2014-09-19 15:04 - 2014-09-19 15:04 - 00000170 _____ () C:\Users\Wesley\Desktop\cc_20140919_150419.reg
2014-09-19 15:03 - 2014-09-19 15:04 - 00008036 _____ () C:\Users\Wesley\Desktop\cc_20140919_150357.reg
2014-09-19 15:03 - 2014-09-19 15:03 - 00288968 _____ () C:\Users\Wesley\Desktop\cc_20140919_150303.reg
2014-09-19 14:04 - 2014-09-19 14:04 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-19 14:04 - 2014-09-19 14:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-19 14:03 - 2014-09-20 04:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 14:03 - 2014-09-19 14:03 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 14:03 - 2014-09-19 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 14:02 - 2014-09-19 14:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 14:02 - 2014-09-19 14:02 - 04901352 _____ (Piriform Ltd) C:\Users\Wesley\Downloads\ccsetup417.exe
2014-09-19 14:02 - 2014-09-19 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-19 14:02 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-19 14:02 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-19 14:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-19 14:01 - 2014-09-19 14:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wesley\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-19 13:56 - 2014-09-19 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 23:00 - 2014-09-17 23:00 - 00000000 ___RD () C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-17 13:33 - 2014-09-21 21:09 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Wesley
2014-09-15 19:41 - 2014-07-16 06:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-15 19:39 - 2014-08-16 17:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 19:39 - 2014-08-16 17:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 19:39 - 2014-08-16 17:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-15 19:39 - 2014-08-16 17:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 19:39 - 2014-08-16 17:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 19:39 - 2014-08-16 17:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 19:39 - 2014-08-16 17:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 19:39 - 2014-08-16 17:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 19:39 - 2014-08-16 17:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 19:39 - 2014-08-16 17:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 19:39 - 2014-08-16 17:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-15 19:39 - 2014-08-16 17:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 19:39 - 2014-08-16 17:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 19:39 - 2014-08-16 17:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 19:39 - 2014-08-16 15:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 19:39 - 2014-08-16 15:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 19:39 - 2014-08-16 15:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 19:39 - 2014-08-16 15:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 19:39 - 2014-08-16 15:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 19:39 - 2014-08-16 15:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-15 19:39 - 2014-08-16 15:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 19:39 - 2014-08-16 15:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 19:39 - 2014-08-16 15:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 19:39 - 2014-08-16 15:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 19:39 - 2014-08-16 15:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 19:39 - 2014-08-16 15:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 19:39 - 2014-03-07 08:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 19:39 - 2013-05-16 06:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-15 19:39 - 2013-05-16 06:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-15 19:39 - 2013-05-14 21:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 19:39 - 2013-05-14 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 19:39 - 2013-02-21 18:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-15 19:39 - 2013-02-21 18:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 19:39 - 2013-02-21 18:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 19:39 - 2013-02-21 18:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 19:39 - 2013-02-21 18:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-15 19:39 - 2013-02-21 18:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 19:39 - 2013-02-19 17:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-15 19:39 - 2012-11-08 12:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 19:39 - 2012-11-08 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 19:39 - 2012-07-26 11:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 19:38 - 2014-08-16 17:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 19:38 - 2014-08-16 15:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 19:30 - 2014-06-11 06:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-15 19:30 - 2014-06-11 06:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-13 15:11 - 2014-06-13 09:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-13 15:11 - 2014-06-13 09:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-13 15:11 - 2014-06-05 09:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-13 15:11 - 2014-06-04 07:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-13 15:10 - 2014-08-01 07:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-13 15:10 - 2014-05-29 12:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-09-13 15:10 - 2014-05-08 09:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-09-13 15:09 - 2014-08-28 19:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-13 15:09 - 2014-08-28 14:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-13 15:09 - 2014-08-28 14:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-13 15:09 - 2014-08-28 14:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-13 15:09 - 2014-08-28 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-13 15:09 - 2014-08-28 14:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-13 15:09 - 2014-08-28 14:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-13 15:09 - 2014-08-28 14:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-13 15:09 - 2014-08-28 14:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-13 15:09 - 2014-08-28 14:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-13 15:09 - 2014-08-28 14:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-13 15:09 - 2014-08-28 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-13 15:09 - 2014-08-28 14:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-13 15:09 - 2014-08-28 14:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-13 15:07 - 2014-07-24 11:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-13 15:07 - 2014-07-24 11:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-13 15:07 - 2014-06-20 07:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-13 15:07 - 2014-06-20 06:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-13 15:07 - 2014-06-06 01:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-13 15:07 - 2014-06-06 01:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-13 15:07 - 2014-06-06 01:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-13 15:07 - 2014-06-06 01:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-13 15:07 - 2014-06-06 01:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-13 15:07 - 2014-06-06 01:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-13 15:07 - 2014-06-05 21:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-13 15:07 - 2014-06-05 21:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-13 15:07 - 2014-06-05 21:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-13 15:07 - 2014-06-05 21:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-13 15:07 - 2014-06-05 21:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-13 15:06 - 2014-08-23 14:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-13 15:06 - 2014-08-09 16:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-13 15:06 - 2014-08-09 16:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-13 15:06 - 2014-07-16 07:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 15:06 - 2014-07-12 10:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-11 00:06 - 2014-09-13 15:08 - 00000000 ____D () C:\iResearch
2014-09-10 23:46 - 2014-09-10 23:46 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-08 01:09 - 2014-09-08 01:09 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\iy
2014-09-03 16:57 - 2014-09-03 16:57 - 00002239 _____ () C:\Users\Public\Desktop\BlackShot Launcher.lnk
2014-09-03 16:51 - 2014-09-03 16:57 - 00001061 _____ () C:\Users\Public\Desktop\Garena Plus.lnk
2014-09-03 16:50 - 2014-09-20 00:02 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-09-03 16:50 - 2014-09-03 16:51 - 75320584 _____ () C:\Users\Wesley\Downloads\Garena+_Install.exe
2014-09-03 16:46 - 2014-09-03 16:47 - 02751024 _____ () C:\Users\Wesley\Downloads\Blackshot_GarenaPlus_Installer(1).exe
2014-08-31 00:34 - 2014-08-31 00:52 - 1597847024 _____ () C:\BlackShot_GarenaPlus_Install_2_212.exe
2014-08-31 00:34 - 2014-08-31 00:34 - 02751024 _____ () C:\Users\Wesley\Downloads\Blackshot_GarenaPlus_Installer.exe
2014-08-31 00:32 - 2014-08-31 00:30 - 1597847024 _____ () C:\trz97D1.tmp
2014-08-27 21:47 - 2014-08-27 21:47 - 00000000 ____D () C:\Users\Wesley\Desktop\Wesley 503
2014-08-24 21:12 - 2014-08-24 21:12 - 00031232 ___SH () C:\Users\Wesley\Documents\Thumbs.db
2014-08-22 13:19 - 2014-08-22 13:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-22 13:19 - 2014-08-22 13:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software
2014-08-22 13:18 - 2014-08-22 13:18 - 00002249 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 21:15 - 2014-09-21 21:14 - 00021044 _____ () C:\Users\Wesley\Downloads\FRST.txt
2014-09-21 21:14 - 2014-09-21 21:13 - 00000000 ____D () C:\FRST
2014-09-21 21:14 - 2013-03-10 21:11 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-29880558-42785158-1016828536-1002
2014-09-21 21:12 - 2014-09-21 21:12 - 02105856 _____ (Farbar) C:\Users\Wesley\Downloads\FRST64.exe
2014-09-21 21:11 - 2012-12-14 21:10 - 01615149 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 21:11 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-21 21:11 - 2012-07-26 15:28 - 00848294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 21:09 - 2014-09-17 13:33 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Wesley
2014-09-21 21:09 - 2013-09-10 13:44 - 00000000 ____D () C:\Users\Public\Fundata
2014-09-21 21:09 - 2013-03-21 00:00 - 00000294 _____ () C:\Windows\Tasks\FSPlatform.job
2014-09-21 21:09 - 2013-03-10 21:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 21:09 - 2013-03-10 21:04 - 00000401 _____ () C:\Users\Wesley\AppData\Roaming\sp_data.sys
2014-09-21 17:03 - 2013-03-10 21:50 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\GarenaPlus
2014-09-21 17:03 - 2013-03-10 21:50 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-09-21 17:00 - 2013-03-24 15:38 - 00907264 ___SH () C:\Users\Wesley\Desktop\Thumbs.db
2014-09-21 16:58 - 2014-09-21 16:58 - 01097728 _____ (Farbar) C:\Users\Wesley\Downloads\FRST.exe
2014-09-21 16:58 - 2013-03-10 21:08 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 04:58 - 2013-03-11 17:38 - 00000000 ____D () C:\Users\Wesley\AppData\Local\CrashDumps
2014-09-21 04:46 - 2014-07-23 17:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 02:21 - 2012-07-26 15:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-21 02:20 - 2014-07-04 13:42 - 00000000 ____D () C:\Users\Public\FunAcce
2014-09-20 04:42 - 2014-09-20 04:42 - 00000186 _____ () C:\Users\Wesley\Desktop\cc_20140920_044215.reg
2014-09-20 04:41 - 2014-09-19 14:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 04:35 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\migwiz
2014-09-20 04:30 - 2014-07-10 14:56 - 00317592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-20 04:30 - 2014-05-04 13:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 04:30 - 2013-05-22 20:21 - 00000294 _____ () C:\Windows\Tasks\FSPlatform1.job
2014-09-20 04:30 - 2012-08-02 09:20 - 00485320 _____ () C:\Windows\PFRO.log
2014-09-20 04:30 - 2012-07-26 15:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 04:29 - 2014-04-25 17:53 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\CloudMedia
2014-09-20 04:29 - 2014-01-31 12:40 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-09-20 04:29 - 2012-08-02 09:36 - 00000000 ____D () C:\Windows\ASUS
2014-09-20 04:29 - 2012-07-26 16:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-20 00:02 - 2014-09-03 16:50 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-09-19 15:04 - 2014-09-19 15:04 - 00000170 _____ () C:\Users\Wesley\Desktop\cc_20140919_150419.reg
2014-09-19 15:04 - 2014-09-19 15:03 - 00008036 _____ () C:\Users\Wesley\Desktop\cc_20140919_150357.reg
2014-09-19 15:03 - 2014-09-19 15:03 - 00288968 _____ () C:\Users\Wesley\Desktop\cc_20140919_150303.reg
2014-09-19 14:32 - 2014-05-31 21:36 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-09-19 14:32 - 2014-05-31 21:26 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\Systweak
2014-09-19 14:32 - 2013-03-10 21:00 - 00000000 ____D () C:\Users\Wesley
2014-09-19 14:31 - 2014-07-15 21:23 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\Funshion
2014-09-19 14:04 - 2014-09-19 14:04 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-19 14:04 - 2014-09-19 14:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-19 14:03 - 2014-09-19 14:03 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 14:03 - 2014-09-19 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 14:03 - 2014-09-19 14:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 14:02 - 2014-09-19 14:02 - 04901352 _____ (Piriform Ltd) C:\Users\Wesley\Downloads\ccsetup417.exe
2014-09-19 14:02 - 2014-09-19 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-19 14:02 - 2014-09-19 14:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wesley\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-19 13:56 - 2014-09-19 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 13:56 - 2013-07-02 16:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-17 23:00 - 2014-09-17 23:00 - 00000000 ___RD () C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-17 14:43 - 2012-08-05 09:43 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-17 14:42 - 2013-03-24 16:49 - 00000000 ____D () C:\ProgramData\Skype
2014-09-17 14:19 - 2013-03-28 17:19 - 00000000 ____D () C:\Users\Wesley\Documents\BlackshotScreenshot
2014-09-15 20:07 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-15 20:06 - 2012-07-26 16:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-15 19:38 - 2013-08-15 21:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 03:04 - 2014-06-11 18:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-14 03:01 - 2014-07-13 17:56 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-09-14 02:54 - 2014-05-31 02:12 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\Animals
2014-09-13 15:13 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-13 15:11 - 2013-03-10 21:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-13 15:08 - 2014-09-11 00:06 - 00000000 ____D () C:\iResearch
2014-09-10 23:46 - 2014-09-10 23:46 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 23:46 - 2014-07-23 17:00 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-08 01:39 - 2014-05-31 21:35 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-08 01:39 - 2014-05-31 21:35 - 00000000 ____D () C:\Users\Administrator
2014-09-08 01:39 - 2012-07-26 16:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-08 01:09 - 2014-09-08 01:09 - 00000000 ____D () C:\Users\Wesley\AppData\Roaming\iy
2014-09-03 16:57 - 2014-09-03 16:57 - 00002239 _____ () C:\Users\Public\Desktop\BlackShot Launcher.lnk
2014-09-03 16:57 - 2014-09-03 16:51 - 00001061 _____ () C:\Users\Public\Desktop\Garena Plus.lnk
2014-09-03 16:57 - 2013-03-10 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-09-03 16:51 - 2014-09-03 16:50 - 75320584 _____ () C:\Users\Wesley\Downloads\Garena+_Install.exe
2014-09-03 16:47 - 2014-09-03 16:46 - 02751024 _____ () C:\Users\Wesley\Downloads\Blackshot_GarenaPlus_Installer(1).exe
2014-09-03 03:32 - 2014-07-10 13:21 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-03 03:32 - 2014-07-10 13:21 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 00:52 - 2014-08-31 00:34 - 1597847024 _____ () C:\BlackShot_GarenaPlus_Install_2_212.exe
2014-08-31 00:34 - 2014-08-31 00:34 - 02751024 _____ () C:\Users\Wesley\Downloads\Blackshot_GarenaPlus_Installer.exe
2014-08-31 00:30 - 2014-08-31 00:32 - 1597847024 _____ () C:\trz97D1.tmp
2014-08-29 13:01 - 2013-03-12 18:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-28 19:34 - 2014-09-13 15:09 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 14:05 - 2014-09-13 15:09 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 14:05 - 2014-09-13 15:09 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 14:05 - 2014-09-13 15:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 14:05 - 2014-09-13 15:09 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 14:02 - 2014-09-13 15:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 14:01 - 2014-09-13 15:09 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 14:01 - 2014-09-13 15:09 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 14:01 - 2014-09-13 15:09 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 14:01 - 2014-09-13 15:09 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-28 14:01 - 2014-09-13 15:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-28 14:01 - 2014-09-13 15:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 14:01 - 2014-09-13 15:09 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 14:01 - 2014-09-13 15:09 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-27 21:47 - 2014-08-27 21:47 - 00000000 ____D () C:\Users\Wesley\Desktop\Wesley 503
2014-08-24 21:12 - 2014-08-24 21:12 - 00031232 ___SH () C:\Users\Wesley\Documents\Thumbs.db
2014-08-23 14:47 - 2014-09-13 15:06 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:22 - 2013-03-10 21:04 - 00000000 ____D () C:\Users\Wesley\Documents\Bluetooth Folder
2014-08-22 13:19 - 2014-08-22 13:19 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-22 13:19 - 2014-08-22 13:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software
2014-08-22 13:18 - 2014-08-22 13:18 - 00002249 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
2014-08-22 13:18 - 2014-03-01 23:35 - 00000401 _____ () C:\Users\Guest\AppData\Roaming\sp_data.sys

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Wesley\AppData\Local\Temp\1363615952638_DriverUtils.dll
C:\Users\Wesley\AppData\Local\Temp\360AD32.tmp360net.dll
C:\Users\Wesley\AppData\Local\Temp\360sd_min_1204C.exe
C:\Users\Wesley\AppData\Local\Temp\BackupSetup.exe
C:\Users\Wesley\AppData\Local\Temp\bdfilters.dll
C:\Users\Wesley\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\Wesley\AppData\Local\Temp\dump.dll
C:\Users\Wesley\AppData\Local\Temp\fc9c3d6316da4a5cfdcf4e4f5e662a96.dll
C:\Users\Wesley\AppData\Local\Temp\FunshionURLGetFileSize.dll
C:\Users\Wesley\AppData\Local\Temp\gma.dll
C:\Users\Wesley\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Wesley\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Wesley\AppData\Local\Temp\kuwo_fengxingjm2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130307to130320.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130320to130321.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130321to130325.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130325to130403.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130403to130404.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130404to130411.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130411to130503.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130503to130504.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130504to130513.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130513to130521.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130521to130530.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130530to130619.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130619to130620.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130620to130716.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130716to130717v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130717to130801.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130801to130827.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130827to130911.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130911to130913.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130913to131016.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131016to131104v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131104to131114.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131114to131127v3.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131127to131217v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131217to140110.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140110to140121v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140121to140212v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140212to140214.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140214to140220.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140220to140306.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140306to140307.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140307to140325.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140325to140401v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140401to140409.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140409to140410.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140410to140429.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140429to140430.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140430to140513.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140513to140529.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140529to140610v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140610to140624.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140624to140708v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140708to140722.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140722to140805.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140805to140819.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140819to140903.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140903to140916.exe
C:\Users\Wesley\AppData\Local\Temp\NetCrawlUntemp.exe
C:\Users\Wesley\AppData\Local\Temp\NEWDE61.tmp.exe
C:\Users\Wesley\AppData\Local\Temp\NGMDll.dll
C:\Users\Wesley\AppData\Local\Temp\NGMResource.dll
C:\Users\Wesley\AppData\Local\Temp\NGMSetup.exe
C:\Users\Wesley\AppData\Local\Temp\ose00000.exe
C:\Users\Wesley\AppData\Local\Temp\setup.exe
C:\Users\Wesley\AppData\Local\Temp\setup_7.0.0.1020.exe
C:\Users\Wesley\AppData\Local\Temp\Setup_fengxingtg.exe
C:\Users\Wesley\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Wesley\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Wesley\AppData\Local\Temp\Tmp1402997744_Greenil.dll
C:\Users\Wesley\AppData\Local\Temp\Tmp1405430620_Greenil.dll
C:\Users\Wesley\AppData\Local\Temp\uhhgwnmv.dll
C:\Users\Wesley\AppData\Local\Temp\unicows.dll
C:\Users\Wesley\AppData\Local\Temp\update_2_166.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_167.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_168.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_169.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_170.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_171.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_172.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_173.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_174.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_175.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_176.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_177.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_178.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_179.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_180.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_181.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_182.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_183.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_184.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_185.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_186.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_187.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_188.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_189.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_190.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_191.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_192.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_193.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_194.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_195.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_196.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_197.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_198.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_199.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_200.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_201.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_202.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_203.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_204.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_205.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_206.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_207.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_208.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_209.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_210.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_211.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_212.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_213.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_214.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_215.exe
C:\Users\Wesley\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-18 00:51

==================== End Of Log ============================

This is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Wesley at 2014-09-21 21:15:21
Running from C:\Users\Wesley\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Garena - BlackShot (HKLM-x32\...\BlackShot) (Version: 2.165 - Garena Online Pte Ltd.)
Garena - League of Legends (HKLM-x32\...\LoL) (Version:  - Garena Online Pte Ltd.)
Garena Plus (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version:  - Rockstar Games)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.12.12 (Version: 1.12.12 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sleeping Dogs version 1.4 (HKLM-x32\...\Sleeping Dogs_is1) (Version: 1.4 - )
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version:  - Dragonfly)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yu-Gi-Oh! Forbidden Memories (HKLM-x32\...\Yu-Gi-Oh! Forbidden Memories_is1) (Version:  - PSX Emulador)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-09-2014 07:01:21 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00472DEB-E607-4D23-B4C0-182E6702AB3D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-11] (AVAST Software)
Task: {11457FDE-FDF1-4A61-A398-B2980B97C16E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {1722A097-8787-41C1-8177-3259641088F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C14D8BD-544A-4545-92E4-DFE33B819A1D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2ADAB7B7-8D51-4993-9511-77499FEEAC28} - System32\Tasks\gg_uac_daemon_Wesley => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {45CA8C91-64E1-4A02-97A8-F0C3A28507B8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {596A9ED5-4B55-4926-AD67-C6F860D64A7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {60F84A75-6290-4DA2-92F8-E8A22A5AD43E} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-23] (ASUSTeK Computer Inc.)
Task: {7113455F-C08C-4DCB-BAF2-A41725F9F27E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)
Task: {7A4BA57F-BEB1-40FB-B112-E8EA2413FB60} - System32\Tasks\FSPlatform1 => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe
Task: {928BF324-D898-4EB1-8A64-B40EA02F86C4} - System32\Tasks\FSPlatform => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BD66E86D-9DFF-46EF-BC5D-4B78E40C4A0D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CCD5AA84-0FAC-4AA6-89F4-898C8DD11437} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-01] (AsusTek)
Task: {D3ED31A9-7DBB-4379-8080-C7852C9F70EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {D60CCC94-64B4-4E5A-A9CC-B4ACD86785B6} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-19] (ASUSTek Computer Inc.)
Task: {D8E83BC2-C663-42B3-89CA-08E3918736B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {E944EC81-CB9A-4974-907D-E6517D2A70BF} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-07] (ASUS)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FSPlatform.job => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe
Task: C:\Windows\Tasks\FSPlatform1.job => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 20:52 - 2012-09-17 17:27 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-09-03 16:55 - 2013-07-10 19:54 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2012-08-25 09:26 - 2012-08-25 09:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-05 17:59 - 2012-08-24 07:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-20 02:01 - 2014-09-20 02:01 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091901\algo.dll
2014-09-21 03:09 - 2014-09-21 03:09 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092001\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-14 21:02 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-02-07 17:11 - 2013-08-23 17:10 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2012-09-12 06:01 - 2012-09-12 06:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-12-14 20:52 - 2012-09-17 17:27 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-06-11 18:37 - 2014-06-11 18:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-19 13:56 - 2014-09-19 13:56 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00174368 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
2014-02-28 11:33 - 2014-02-28 11:33 - 00041248 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32api.pyd
2014-02-28 11:32 - 2014-02-28 11:32 - 00059680 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pywintypes27.dll
2014-02-28 11:32 - 2014-02-28 11:32 - 00119072 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pythoncom27.dll
2014-02-28 11:33 - 2014-02-28 11:33 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_multiprocessing.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00025376 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32service.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00022816 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\servicemanager.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00018208 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32event.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00027424 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_socket.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00277280 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ssl.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00113952 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_hashlib.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00016672 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\select.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00040736 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ctypes.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32process.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32ts.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00018720 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32profile.pyd
2014-02-28 11:33 - 2014-02-28 11:33 - 00042784 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32security.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run32: => "Funshion"
HKCU\...\StartupApproved\Run: => "Funshion"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "iCloudServices"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2014 04:58:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: League of Legends.exe, version: 4.16.0.253, time stamp: 0x54137361
Faulting module name: League of Legends.exe, version: 4.16.0.253, time stamp: 0x54137361
Exception code: 0xc0000409
Fault offset: 0x00880bda
Faulting process id: 0x1814
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5

Error: (09/19/2014 03:01:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.

System Error:
The system cannot find the file specified.
.

Error: (09/18/2014 02:38:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (09/18/2014 00:52:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (09/17/2014 11:59:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9200.16579, time stamp: 0x51636a5d
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8
Exception code: 0xc0000409
Fault offset: 0x000000000000a3b2
Faulting process id: 0x1c8c
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
Faulting package full name: SearchProtocolHost.exe4
Faulting package-relative application ID: SearchProtocolHost.exe5

Error: (09/17/2014 02:38:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lpksetup.exe, version: 6.2.9200.16420, time stamp: 0x505aa4b0
Faulting module name: SHELL32.dll, version: 6.2.9200.16882, time stamp: 0x5334f23b
Exception code: 0xc0000409
Fault offset: 0x00000000002a11a3
Faulting process id: 0x714
Faulting application start time: 0xlpksetup.exe0
Faulting application path: lpksetup.exe1
Faulting module path: lpksetup.exe2
Report Id: lpksetup.exe3
Faulting package full name: lpksetup.exe4
Faulting package-relative application ID: lpksetup.exe5

Error: (09/17/2014 02:38:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusTPCenter.exe, version: 1.0.0.43, time stamp: 0x50879199
Faulting module name: npggNT64.des_unloaded, version: 0.0.0.0, time stamp: 0x51de6c0e
Exception code: 0xc0000005
Fault offset: 0x00000000458b0733
Faulting process id: 0x1d50
Faulting application start time: 0xAsusTPCenter.exe0
Faulting application path: AsusTPCenter.exe1
Faulting module path: AsusTPCenter.exe2
Report Id: AsusTPCenter.exe3
Faulting package full name: AsusTPCenter.exe4
Faulting package-relative application ID: AsusTPCenter.exe5

Error: (09/17/2014 02:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusTPLoader.exe, version: 1.0.13.0, time stamp: 0x5087952f
Faulting module name: npggNT64.des_unloaded, version: 0.0.0.0, time stamp: 0x51de6c0e
Exception code: 0xc0000005
Fault offset: 0x00000000458b0733
Faulting process id: 0x197c
Faulting application start time: 0xAsusTPLoader.exe0
Faulting application path: AsusTPLoader.exe1
Faulting module path: AsusTPLoader.exe2
Report Id: AsusTPLoader.exe3
Faulting package full name: AsusTPLoader.exe4
Faulting package-relative application ID: AsusTPLoader.exe5

Error: (09/17/2014 02:30:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusTPHelper.exe, version: 1.0.11.0, time stamp: 0x50796d2e
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8
Exception code: 0xc0000409
Fault offset: 0x000000000000a3b2
Faulting process id: 0x21d8
Faulting application start time: 0xAsusTPHelper.exe0
Faulting application path: AsusTPHelper.exe1
Faulting module path: AsusTPHelper.exe2
Report Id: AsusTPHelper.exe3
Faulting package full name: AsusTPHelper.exe4
Faulting package-relative application ID: AsusTPHelper.exe5

Error: (09/17/2014 02:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9200.16579, time stamp: 0x51636a5d
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8
Exception code: 0xc0000409
Fault offset: 0x000000000000a3b2
Faulting process id: 0x1abc
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
Faulting package full name: SearchProtocolHost.exe4
Faulting package-relative application ID: SearchProtocolHost.exe5


System errors:
=============
Error: (09/21/2014 09:09:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (09/21/2014 04:55:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (09/21/2014 03:22:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (09/21/2014 03:09:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (09/21/2014 02:21:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (09/20/2014 04:39:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2014 04:38:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2014 04:32:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/20/2014 04:32:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/20/2014 04:32:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 15%
Total physical RAM: 12165.52 MB
Available physical RAM: 10279.57 MB
Total Pagefile: 13893.52 MB
Available Pagefile: 11826.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:50.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:179.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F306CAF5)

Partition: GPT Partition Type.

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns.

 

Thanks,

 

Kevin

Fixlist.txt


Hi sorry for the late reply :) Below are the logs that you requested!

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014
Ran by Wesley at 2014-09-25 21:54:39 Run:1
Running from C:\Users\Wesley\Downloads
Loaded Profile: Wesley (Available profiles: UpdatusUser & Wesley & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
ShellIconOverlayIdentifiers: FunOverlay -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\MogulKahn.dll (Funshion)
C:\Users\Public\Fundata
C:\Users\Public\FunAcce
S2 FunshionSvr; C:\Users\Wesley\funshion\funshiontools\FunshionSvr.dll [X]
C:\Users\Wesley\funshion
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X]
U0 msahci; No ImagePath
U2 TMAgent; No ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\ProgramData\SetStretch.exe
C:\Users\Wesley\AppData\Local\Temp\1363615952638_DriverUtils.dll
C:\Users\Wesley\AppData\Local\Temp\360AD32.tmp360net.dll
C:\Users\Wesley\AppData\Local\Temp\360sd_min_1204C.exe
C:\Users\Wesley\AppData\Local\Temp\BackupSetup.exe
C:\Users\Wesley\AppData\Local\Temp\bdfilters.dll
C:\Users\Wesley\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\Wesley\AppData\Local\Temp\dump.dll
C:\Users\Wesley\AppData\Local\Temp\fc9c3d6316da4a5cfdcf4e4f5e662a96.dll
C:\Users\Wesley\AppData\Local\Temp\FunshionURLGetFileSize.dll
C:\Users\Wesley\AppData\Local\Temp\gma.dll
C:\Users\Wesley\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Wesley\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Wesley\AppData\Local\Temp\kuwo_fengxingjm2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130307to130320.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130320to130321.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130321to130325.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130325to130403.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130403to130404.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130404to130411.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130411to130503.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130503to130504.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130504to130513.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130513to130521.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130521to130530.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130530to130619.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130619to130620.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130620to130716.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130716to130717v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130717to130801.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130801to130827.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130827to130911.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130911to130913.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130913to131016.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131016to131104v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131104to131114.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131114to131127v3.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131127to131217v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131217to140110.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140110to140121v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140121to140212v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140212to140214.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140214to140220.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140220to140306.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140306to140307.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140307to140325.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140325to140401v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140401to140409.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140409to140410.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140410to140429.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140429to140430.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140430to140513.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140513to140529.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140529to140610v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140610to140624.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140624to140708v2.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140708to140722.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140722to140805.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140805to140819.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140819to140903.exe
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140903to140916.exe
C:\Users\Wesley\AppData\Local\Temp\NetCrawlUntemp.exe
C:\Users\Wesley\AppData\Local\Temp\NEWDE61.tmp.exe
C:\Users\Wesley\AppData\Local\Temp\NGMDll.dll
C:\Users\Wesley\AppData\Local\Temp\NGMResource.dll
C:\Users\Wesley\AppData\Local\Temp\NGMSetup.exe
C:\Users\Wesley\AppData\Local\Temp\ose00000.exe
C:\Users\Wesley\AppData\Local\Temp\setup.exe
C:\Users\Wesley\AppData\Local\Temp\setup_7.0.0.1020.exe
C:\Users\Wesley\AppData\Local\Temp\Setup_fengxingtg.exe
C:\Users\Wesley\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Wesley\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Wesley\AppData\Local\Temp\Tmp1402997744_Greenil.dll
C:\Users\Wesley\AppData\Local\Temp\Tmp1405430620_Greenil.dll
C:\Users\Wesley\AppData\Local\Temp\uhhgwnmv.dll
C:\Users\Wesley\AppData\Local\Temp\unicows.dll
C:\Users\Wesley\AppData\Local\Temp\update_2_166.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_167.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_168.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_169.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_170.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_171.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_172.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_173.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_174.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_175.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_176.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_177.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_178.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_179.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_180.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_181.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_182.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_183.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_184.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_185.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_186.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_187.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_188.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_189.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_190.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_191.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_192.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_193.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_194.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_195.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_196.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_197.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_198.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_199.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_200.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_201.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_202.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_203.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_204.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_205.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_206.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_207.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_208.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_209.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_210.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_211.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_212.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_213.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_214.exe
C:\Users\Wesley\AppData\Local\Temp\update_2_215.exe
C:\Users\Wesley\AppData\Local\Temp\vcredist_x64.exe
Task: C:\Windows\Tasks\FSPlatform.job => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe
Task: C:\Windows\Tasks\FSPlatform1.job => C:\Users\Wesley\funshion\funshiontools\FSPAP.exe
Emptytemp:
End


*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FunOverlay" => Key deleted successfully.
"HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}" => Key deleted successfully.
C:\Users\Public\Fundata => Moved successfully.

"C:\Users\Public\FunAcce" directory move:

C:\Users\Public\FunAcce\BaseData\20140919.daw => Moved successfully.
C:\Users\Public\FunAcce\BaseData\20140920.daw => Moved successfully.
C:\Users\Public\FunAcce\BaseData\20140921.daw => Moved successfully.
C:\Users\Public\FunAcce\BaseData\20140923.daw => Moved successfully.
C:\Users\Public\FunAcce\BaseData\20140924.daw => Moved successfully.
Could not move "C:\Users\Public\FunAcce\BaseData\20140925.daw" => Scheduled to move on reboot.
Could not move "C:\Users\Public\FunAcce" directory. => Scheduled to move on reboot.

FunshionSvr => Service deleted successfully.
"C:\Users\Wesley\funshion" => File/Directory not found.
EagleX64 => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
msahci => Service deleted successfully.
TMAgent => Service deleted successfully.
xhunter1 => Service deleted successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\1363615952638_DriverUtils.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\360AD32.tmp360net.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\360sd_min_1204C.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\bdfilters.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\BuenoSearchTB.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\dump.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\fc9c3d6316da4a5cfdcf4e4f5e662a96.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\FunshionURLGetFileSize.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\gma.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\kuwo_fengxingjm2.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130307to130320.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130320to130321.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130321to130325.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130325to130403.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130403to130404.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130404to130411.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130411to130503.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130503to130504.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130504to130513.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130513to130521.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130521to130530.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130530to130619.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130619to130620.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130620to130716.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130716to130717v2.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130717to130801.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130801to130827.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130827to130911.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130911to130913.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_130913to131016.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131016to131104v2.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131104to131114.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131114to131127v3.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131127to131217v2.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_131217to140110.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140110to140121v2.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140121to140212v2.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140212to140214.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140214to140220.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140220to140306.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140306to140307.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140307to140325.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140325to140401v2.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140401to140409.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140409to140410.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140410to140429.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140429to140430.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140430to140513.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140513to140529.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140529to140610v2.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140610to140624.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140624to140708v2.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140708to140722.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140722to140805.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140805to140819.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140819to140903.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\lol_patch_140903to140916.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\NetCrawlUntemp.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\NEWDE61.tmp.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\NGMResource.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\NGMSetup.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\setup_7.0.0.1020.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\Setup_fengxingtg.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\Tmp1402997744_Greenil.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\Tmp1405430620_Greenil.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\uhhgwnmv.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\unicows.dll => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_166.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_167.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_168.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_169.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_170.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_171.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_172.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_173.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_174.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_175.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_176.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_177.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_178.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_179.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_180.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_181.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_182.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_183.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_184.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_185.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_186.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_187.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_188.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_189.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_190.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_191.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_192.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_193.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_194.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_195.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_196.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_197.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_198.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_199.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_200.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_201.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_202.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_203.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_204.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_205.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_206.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_207.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_208.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_209.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_210.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_211.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_212.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_213.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_214.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\update_2_215.exe => Moved successfully.
C:\Users\Wesley\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Windows\Tasks\FSPlatform.job => Moved successfully.
C:\Windows\Tasks\FSPlatform1.job => Moved successfully.
EmptyTemp: => Removed 3.7 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-25 22:01:35)<=

C:\Users\Public\FunAcce\BaseData\20140925.daw => Is moved successfully.
C:\Users\Public\FunAcce => Is moved successfully.

==== End of Fixlog ====

Scanning history

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25/9/2014
Scan Time: 11:46:09 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.25.08
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Wesley

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415234
Time Elapsed: 13 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

AdwCleaner

# AdwCleaner v3.310 - Report created 25/09/2014 at 23:28:25
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Wesley - WESLEY
# Running from : C:\Users\Wesley\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\topapp soft
Folder Deleted : C:\ProgramData\savve ona
Folder Deleted : C:\Program Files (x86)\Movies Toolbar
Folder Deleted : C:\Program Files (x86)\NetCrawl
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Public\Util
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch
Folder Deleted : C:\Users\Wesley\AppData\Local\apn
Folder Deleted : C:\Users\Wesley\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Wesley\AppData\Local\iLivid
Folder Deleted : C:\Users\Wesley\AppData\Local\torch
Folder Deleted : C:\Users\Wesley\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Wesley\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\Wesley\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\6bneoeyuei@civqdzrqs.net
Folder Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\Extensions\w_yuy@vmkvfcdwl.com
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cndlhaidmhoeaklbmeiaboogeljmeipn
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjodcdicgneoabbifcimjnoimbdpnng
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\invalidprefs.js
File Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\searchplugins\bingp.xml
File Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-698646803
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\ilividmoviestoolbar181
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividmoviestoolbar181IE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]

-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\7zmqo0hs.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.fastosearch.info/?pid=1565&r=2014/05/31&hid=11376473371288606056&lg=EN&cc=SG&unqvl=55&l=1&q=");
Line Deleted : user_pref("extensions.E6aJVuoK16yE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.YjEPGB9Uwxe.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.p9br549.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11313 octets] - [25/09/2014 23:14:26]
AdwCleaner[s0].txt - [10996 octets] - [25/09/2014 23:28:25]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11057 octets] ##########

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 8 x64
Ran by Wesley on Thu 25/09/2014 at 23:36:44.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawlUntemp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawlUntemp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateNetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateNetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilNetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilNetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawlUntemp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawlUntemp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{31B33E44-F140-4F30-9509-A7F1285C9BCB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Wesley\AppData\Roaming\mozilla\firefox\profiles\7zmqo0hs.default\prefs.js

user_pref("extensions.p9br549.url", "hxxp://toolkitsetusa.info/sync2/?q=hfZ9ofV9CShEAen0rjk7qihTB6lKDzt4olqztNtVh7n0rjnEqjrFrjrHqjs5tMFHhd9Fqda4rTkFrHkEqdkMDMlGojUMAe4Uojk5rTk
Emptied folder: C:\Users\Wesley\AppData\Roaming\mozilla\firefox\profiles\7zmqo0hs.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 25/09/2014 at 23:42:10.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Thanks for the logs... We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click on the IE shortcut and run as admin.

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

Go to the Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real-time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the following options are checked:

Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Select "Change" next to Current scan targets. A new window will open; select any extra drives, flash drives etc. as required.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found

Put a checkmark in "Uninstall application on close"
Close program
Report to me that nothing was found

If threats were found

Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish

Close program

Copy and paste the report in your next reply.

Let me see that log in your next reply, along with any remaining issues or concerns....

Kevin


Hi, this is the list of threats found!

 

C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Wesley\AppData\Local\Temp\NetCrawlUntemp.exe.xBAD    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Users\Wesley\AppData\Local\Temp\NEWDE61.tmp.exe.xBAD    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Users\Wesley\AppData\Local\Temp\setup.exe.xBAD    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\ProgramData\InstallMate\{31A1A8D4-BDA4-480A-AAE1-F586EA428A22}\Custom.dll    Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{31A1A8D4-BDA4-480A-AAE1-F586EA428A22}\Custom.dll    Win32/InstalleRex.M potentially unwanted application
C:\Users\Wesley\Downloads\ccsetup417.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll    a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe    Win64/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe    Win32/Toolbar.DefaultTab.E potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll    Win64/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe    Win32/Toolbar.DefaultTab.E potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe    Win64/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe    Win32/Toolbar.DefaultTab.E potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll    Win64/Toolbar.DefaultTab.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe    Win32/Toolbar.DefaultTab.E potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe    a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe    a variant of Win32/Toolbar.SearchSuite.O potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\IEBHO.dll    a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\Internet Explorer Settings.exe    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll    a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll    a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll    a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
D:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultstb.dll    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultstb64.dll    a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
D:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll    a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Datamngr.dll    a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\x64\IEBHO.dll    a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Internet Explorer Settings.exe    a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
D:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll    a variant of Win64/Toolbar.SearchSuite.C potentially unwanted application
 


Uninstall the following Toolbar:

D:\Program Files (x86)\Movies Toolbar

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files)

    :Files
    C:\ProgramData\InstallMate
    C:\Users\All Users\InstallMate
    C:\Users\Wesley\Downloads\ccsetup417.exe
    C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
    C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll
    C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll
    C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll
    C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll
    C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe
    C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe
    C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe
    C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll
    C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll
    C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post the log from OTM, also let me know if there are any remaining issues or concerns....

 

Kevin..


Hi this is the OTM log that you requested! :)

 

All processes killed
========== FILES ==========
C:\ProgramData\InstallMate\{31A1A8D4-BDA4-480A-AAE1-F586EA428A22} folder moved successfully.
C:\ProgramData\InstallMate\3250EE1D folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
File/Folder C:\Users\All Users\InstallMate not found.
C:\Users\Wesley\Downloads\ccsetup417.exe moved successfully.
DllUnregisterServer procedure not found in C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe moved successfully.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll not found.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: HomeGroupUser$
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Wesley
->Temp folder emptied: 9691993 bytes
->Temporary Internet Files folder emptied: 4588376 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 373140557 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 700 bytes
 
%systemdrive% .tmp files removed: 1597847024 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 146013716 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 24144751 bytes
 
Total Files Cleaned = 2,056.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 09272014_230428

Files moved on Reboot...
C:\Users\Wesley\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 

Link to post
Share on other sites
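The results log above mixes lines that need no action with lines that do. The following added example (not part of the original thread and not code from OTM) sorts such a log into moved items, "not found" entries that are just another name for something already moved, unexplained "not found" entries, and moves deferred to reboot. Treating a SysWOW64 path as the twin of the same System32 path is an assumption made for grouping, and `C:\Example\leftover.dll` is a constructed entry.

```python
import re

# Excerpt of the OTM results log posted above, plus one constructed line
# (C:\Example\leftover.dll) showing an entry that no alias explains.
SAMPLE_LOG = r"""
C:\ProgramData\InstallMate folder moved successfully.
File/Folder C:\Users\All Users\InstallMate not found.
DllUnregisterServer procedure not found in C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll moved successfully.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll not found.
File/Folder C:\Example\leftover.dll not found.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
"""

MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+) not found\.$")
NO_UNREG = re.compile(r"^DllUnregisterServer procedure not found in (?P<path>.+)$")
ON_REBOOT = re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")


def canonical(path):
    """Lower-case a path and fold two aliases onto one name."""
    p = path.lower()
    # On Vista and later, <drive>:\Users\All Users is a link to <drive>:\ProgramData.
    p = re.sub(r"^([a-z]:)\\users\\all users\\",
               lambda m: m.group(1) + "\\programdata\\", p)
    # Assumption for grouping only: treat a SysWOW64 path as the twin of the
    # same path under System32.
    return p.replace("\\windows\\syswow64\\", "\\windows\\system32\\")


def triage(log_text):
    """Sort OTM result lines into outcomes that do or do not need follow-up."""
    moved, missing = set(), []
    out = {"no_unregister": [], "on_reboot": []}
    for line in map(str.strip, log_text.splitlines()):
        if m := NO_UNREG.match(line):
            out["no_unregister"].append(m["path"])
        elif m := ON_REBOOT.match(line):
            out["on_reboot"].append(m["path"])
        elif m := NOT_FOUND.match(line):
            missing.append(m["path"])
        elif m := MOVED.match(line):
            moved.add(canonical(m["path"]))

    def covered(path):
        # Explained if the same canonical path, or a parent folder, was moved.
        c = canonical(path)
        return c in moved or any(c.startswith(d + "\\") for d in moved)

    out["moved"] = len(moved)
    out["alias_of_moved"] = [p for p in missing if covered(p)]
    out["unexplained_missing"] = [p for p in missing if not covered(p)]
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Entries under `unexplained_missing` and `on_reboot` are the ones worth checking again after the restart.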

Run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

If no remaining issues or concerns, are we ok to close out.....

 

Kevin..


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.