Infected laptop


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by dirtylaptop (administrator) on DIRTYLAPTOP-PC on 07-10-2014 17:39:29
Running from C:\Users\dirtylaptop\Documents\Installation Files\Malware Removal Process
Loaded Profiles: dirtylaptop & UpdatusUser (Available profiles: dirtylaptop & UpdatusUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Users\dirtylaptop\AppData\Local\Autobahn\nexdef.exe
(ASUS) C:\Windows\AsScrPro.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [961184 2011-08-02] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [798880 2011-08-02] (Atheros Commnucations)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-09-18] (Realtek Semiconductor)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-10-16] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [sonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [91096 2013-04-22] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-05-25] (cyberlink)
HKLM-x32\...\Run: [updatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-24] (CyberLink Corp.)
HKLM-x32\...\Run: [sMessaging] => C:\Users\dirtylaptop\AppData\Local\Strongvault Online Backup\SMessaging.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerDVD13Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2097091744-3840588065-2079525431-1000\...\Run: [Google Update] => C:\Users\dirtylaptop\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-02-04] (Google Inc.)
HKU\S-1-5-21-2097091744-3840588065-2079525431-1000\...\Run: [qupdate] => C:/Program Files (x86)/Adobe/update4.exe
HKU\S-1-5-21-2097091744-3840588065-2079525431-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2097091744-3840588065-2079525431-1000\...\Run: [GoogleChromeAutoLaunch_824B6746DD3385702D8273F393D4F2FD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-22] (Google Inc.)
HKU\S-1-5-21-2097091744-3840588065-2079525431-1000\...\MountPoints2: {2b7b2f9d-4efc-11e1-ad81-806e6f6e6963} - D:\InstAll.exe
HKU\S-1-5-21-2097091744-3840588065-2079525431-1000\...\MountPoints2: {38ecdceb-26c1-11e4-b591-c860004148c4} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2097091744-3840588065-2079525431-1000\...\MountPoints2: {e7db5b33-02f6-11e4-9a0d-c860004148c4} - F:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
AppInit_DLLs: , C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-10] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk
ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\Users\dirtylaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\dirtylaptop\AppData\Local\Autobahn\nexdef.exe ()
Startup: C:\Users\dirtylaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x43B3459F7BF6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {4D45FF93-6D8C-CA59-9D67-090F64A1A480} URL = 
SearchScopes: HKLM-x32 - DefaultScope {CB409EBC-2B02-4F0B-B7DF-BF5E4261C029} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2A2865D4-FBE6-05D0-99C2-3920D952E095} URL = 
SearchScopes: HKCU - DefaultScope {CB409EBC-2B02-4F0B-B7DF-BF5E4261C029} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN20228316308739317&UM=2
SearchScopes: HKCU - {4D45FF93-6D8C-CA59-9D67-090F64A1A480} URL = 
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default
FF DefaultSearchEngine: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyEtCyEzz0CyEtByDtByBtN0D0Tzu0CyCtCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=966035953&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\dirtylaptop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\dirtylaptop\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dirtylaptop\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dirtylaptop\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: LWAPlugin15.8 -> C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\dirtylaptop\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dirtylaptop\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\dirtylaptop\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\searchplugins\Mysearchdial.xml
FF Extension: WhiteSmoke New  - C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [2013-08-04]
FF Extension: MySearchDial - C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-11-14]
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: No Name - C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\extensions\plugin@getwebcake.com.xpi [Not Found]
FF Extension: No Name - C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\extensions\ffxtlbr@mysearchdial.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\ff [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-03]
CHR Extension: (YouTube) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-04]
CHR Extension: (Google Search) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-04]
CHR Extension: (Google+) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-09-13]
CHR Extension: (Google Calendar) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-09-13]
CHR Extension: (Pandora) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-09-13]
CHR Extension: (Grooveshark Remote) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpifhknilaflibiifjhhofddbbchmhh [2013-09-13]
CHR Extension: (Pin It Button) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-02]
CHR Extension: (Google Keep - notes and lists) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-09-13]
CHR Extension: (Kindle Cloud Reader) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-01-05]
CHR Extension: (Google Play Music) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-09-13]
CHR Extension: (Dropbox) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-09-13]
CHR Extension: (SoundCloud) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-09-13]
CHR Extension: (OneDrive) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-09-13]
CHR Extension: (MuteTab) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Picasa) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2013-09-13]
CHR Extension: (Outlook.com) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-09-13]
CHR Extension: (Gmail) - C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-04]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\DIRTYL~1\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-09-02]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\dirtylaptop\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-04]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\DIRTYL~1\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\dirtylaptop\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-04]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\DIRTYL~1\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-09-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-08-02] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [103584 2011-08-02] (Atheros Commnucations) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1839616 2011-01-14] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [249856 2011-02-14] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [16768 2011-09-20] (ASUSTek Computer Inc.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\000.fcl [130320 2013-04-25] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-07 17:39 - 2014-10-07 17:39 - 00000000 ____D () C:\FRST
2014-10-07 09:16 - 2014-10-07 09:16 - 01388288 _____ () C:\Windows\Minidump\100714-19827-01.dmp
2014-10-06 23:15 - 2014-10-07 17:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 23:14 - 2014-10-06 23:14 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-06 23:14 - 2014-10-06 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 23:14 - 2014-10-06 23:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-06 23:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-06 23:14 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 18:05 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 18:05 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 01:55 - 2014-09-30 01:56 - 01225320 _____ () C:\Windows\Minidump\093014-21294-01.dmp
2014-09-28 11:49 - 2014-09-28 11:50 - 01168632 _____ () C:\Windows\Minidump\092814-27768-01.dmp
2014-09-25 13:51 - 2014-09-25 13:51 - 01226152 _____ () C:\Windows\Minidump\092514-26098-01.dmp
2014-09-25 09:21 - 2014-09-25 09:21 - 01160248 _____ () C:\Windows\Minidump\092514-21481-01.dmp
2014-09-23 15:33 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 15:33 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-12 03:12 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:12 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:12 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:12 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:12 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:12 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:12 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:12 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:12 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:12 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:12 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:12 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:12 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:12 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:12 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:12 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:12 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:12 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:12 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:12 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:12 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:12 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:12 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:12 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:12 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:12 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:12 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:12 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:12 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:12 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:12 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:12 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:12 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:12 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:12 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:12 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:12 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:12 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:12 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:12 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:12 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:12 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:12 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:12 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:12 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:12 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:12 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:12 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:12 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:12 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:12 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:12 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:12 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:12 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:12 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:12 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:00 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:00 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 13:22 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 13:22 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 13:21 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 13:21 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 13:21 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 13:21 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 13:21 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 13:21 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 13:21 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 13:21 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 13:21 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 10:08 - 2014-09-09 10:08 - 01159936 _____ () C:\Windows\Minidump\090914-27518-01.dmp
2014-09-07 09:38 - 2014-09-07 09:39 - 01318440 _____ () C:\Windows\Minidump\090714-27424-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-07 17:36 - 2013-01-04 09:30 - 00000000 ____D () C:\Users\dirtylaptop\Documents\Installation Files
2014-10-07 17:32 - 2012-02-03 23:56 - 01389142 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 16:56 - 2013-06-06 17:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-07 16:56 - 2013-01-31 19:00 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097091744-3840588065-2079525431-1000UA.job
2014-10-07 16:56 - 2013-01-31 19:00 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097091744-3840588065-2079525431-1000Core.job
2014-10-07 16:52 - 2012-02-04 00:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 16:52 - 2012-02-04 00:50 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 15:11 - 2014-01-01 18:18 - 00000000 ___RD () C:\Users\dirtylaptop\Google Drive
2014-10-07 14:12 - 2009-07-13 21:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 14:12 - 2009-07-13 21:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 14:03 - 2009-07-13 21:51 - 00096475 _____ () C:\Windows\setupact.log
2014-10-07 14:02 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 09:16 - 2013-01-07 20:02 - 1110329452 _____ () C:\Windows\MEMORY.DMP
2014-10-07 09:16 - 2013-01-07 20:02 - 00000000 ____D () C:\Windows\Minidump
2014-10-06 23:15 - 2012-02-04 00:51 - 00000000 ____D () C:\Users\dirtylaptop\AppData\Roaming\Malwarebytes
2014-10-06 23:14 - 2012-02-04 00:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 23:14 - 2012-02-04 00:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-30 14:44 - 2012-02-04 00:48 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-30 14:37 - 2009-07-13 22:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 11:07 - 2013-01-14 07:15 - 00000000 ____D () C:\Users\dirtylaptop\Documents\Resume
2014-09-26 10:33 - 2013-01-12 08:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-25 16:04 - 2009-07-13 22:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 20:36 - 2012-02-04 00:57 - 00208834 _____ () C:\Windows\PFRO.log
2014-09-21 23:42 - 2013-01-04 19:53 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-17 17:10 - 2013-01-26 14:06 - 00000000 ____D () C:\Users\dirtylaptop\AppData\Local\CrashDumps
2014-09-17 12:45 - 2014-01-20 15:04 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-09-12 13:56 - 2013-06-06 17:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-12 13:56 - 2013-06-06 17:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-12 13:56 - 2013-06-06 17:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-12 04:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 03:11 - 2013-01-04 09:58 - 00775974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:10 - 2013-08-16 07:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:10 - 2012-02-04 00:56 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-12 03:10 - 2012-02-04 00:55 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 03:10 - 2012-02-04 00:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-12 03:10 - 2012-02-04 00:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-12 03:01 - 2013-01-04 01:41 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:00 - 2014-07-03 13:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\dirtylaptop\AppData\Local\Temp\26278_updater.exe
C:\Users\dirtylaptop\AppData\Local\Temp\67058uninstall.exe
C:\Users\dirtylaptop\AppData\Local\Temp\73083uninstall.exe
C:\Users\dirtylaptop\AppData\Local\Temp\BackupSetup.exe
C:\Users\dirtylaptop\AppData\Local\Temp\COMAP.EXE
C:\Users\dirtylaptop\AppData\Local\Temp\dlLogic.exe
C:\Users\dirtylaptop\AppData\Local\Temp\handbrake-setup.exe
C:\Users\dirtylaptop\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\dirtylaptop\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\dirtylaptop\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\dirtylaptop\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\dirtylaptop\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\dirtylaptop\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\dirtylaptop\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\dirtylaptop\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\dirtylaptop\AppData\Local\Temp\Sqlite3.dll
C:\Users\dirtylaptop\AppData\Local\Temp\Strongvault.exe
C:\Users\dirtylaptop\AppData\Local\Temp\tbWhit.dll
C:\Users\dirtylaptop\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\dirtylaptop\AppData\Local\Temp\UpdUninstall.exe
C:\Users\dirtylaptop\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\dirtylaptop\AppData\Local\Temp\_is4884.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 19:53
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by dirtylaptop at 2014-10-07 17:40:47
Running from C:\Users\dirtylaptop\Documents\Installation Files\Malware Removal Process
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.16 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Music Maker (HKLM-x32\...\MAGIX_MSI_mm17_silver_asus) (Version: 17.0.2.22 - MAGIX AG)
ASUS Music Maker (x32 Version: 17.0.2.22 - MAGIX AG) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.4 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4710 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4710 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.23 - asus)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0013 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29039 - BitTorrent Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.90 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator 2.2 (HKLM-x32\...\MP Navigator 2.2) (Version:  - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1123_32710 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.0.1123_32710 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3327 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5223.54 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.5223.54 - CyberLink Corp.) Hidden
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{0E1FE502-7536-4155-BBC6-7BE8E465DE08}) (Version: 2.1.29.0 - MAGIX AG)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{01E66AC4-B28B-494C-993D-3CD17020BEBC}) (Version: 3.5.4.0 - Fresco Logic Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Lync Web App Plug-in (HKLM\...\{5D1ED7AA-DF83-40E4-B6D1-2455A4A97E9E}) (Version: 15.8.8308.420 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.6122.5000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6131.5001 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NexDef Plug-in (HKLM-x32\...\Autobahn) (Version:  - )
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 7.2.17 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.1 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
PowerDVD (HKLM-x32\...\InstallShield_{8C20787A-7402-4FA7-BF25-6E5750930FDC}) (Version: 10.00.0000 - CyberLink Corp.)
PowerDVD (x32 Version: 10.00.0000 - CyberLink Corp.) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.05.19 - NVIDIA Corporation) Hidden
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TweetDeck (HKLM-x32\...\{533B3480-EAB6-44DD-B2E4-715E958210E0}) (Version: 2.1.0 - Twitter, Inc.)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VLC Codec Pack 2.0.5 (HKLM-x32\...\VLC - Codec Pack) (Version: 2.0.5 - VLC Codec Pack)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}) (Version: 3.0.24 - ASUS)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2097091744-3840588065-2079525431-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dirtylaptop\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2097091744-3840588065-2079525431-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2097091744-3840588065-2079525431-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\dirtylaptop\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2097091744-3840588065-2079525431-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dirtylaptop\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
12-09-2014 10:00:13 Windows Update
15-09-2014 03:40:58 Windows Backup
15-09-2014 19:34:51 Windows Update
18-09-2014 22:44:07 Windows Update
23-09-2014 22:33:12 Windows Update
24-09-2014 04:11:29 Windows Backup
24-09-2014 21:19:14 Windows Modules Installer
28-09-2014 19:01:18 Windows Update
02-10-2014 01:13:49 Windows Update
02-10-2014 17:49:58 Windows Update
06-10-2014 21:16:36 Windows Update
07-10-2014 04:52:33 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04775A3A-866E-4F7D-AA06-FA0878C89187} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-11-23] (CyberLink)
Task: {0E123512-7182-413C-BFAB-A4FD0DB72597} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {0F8EB717-71AC-4C27-A87B-44345D16AAD9} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-05-31] (ASUS)
Task: {10DF5FAC-F1AA-4F54-A4CD-B6B2C9D28EDA} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-09-20] (ASUSTek Computer Inc.)
Task: {1A0BA9FF-CF9A-4510-B305-ADDD23E4CAC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04] (Google Inc.)
Task: {3C8F3587-B8F3-4B3F-AEA5-78736DDA12AB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {6FA9F100-3FD2-4155-B7A4-7619B5C1CD7D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {70206EB4-85B7-4896-A5BB-AA2038295017} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04] (Google Inc.)
Task: {7747FD13-6D74-487E-BBC9-73BFD3C3422C} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {8183E098-F3D7-46D3-99FC-C72FDE8DBF55} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {87BBF373-1BC0-4F94-B25B-F62513E6307C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {8DF652D9-D5E1-42A1-A149-B98A3968E512} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9C85863A-0DB3-44F6-BFBD-6226E4021B8E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {A33C2B5E-2C43-4024-91D3-DB95DB7C2BC0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2097091744-3840588065-2079525431-1000Core => C:\Users\dirtylaptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04] (Google Inc.)
Task: {B1911401-B316-4F44-BECD-E3A2D0135E84} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {D0CF92FC-6C96-483D-A146-8632BA8F1779} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {D75F1EED-7208-4F16-989C-3AFFCFD25219} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {EA5695BF-060B-4A72-9784-3BC8AC3A4951} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe [2010-07-29] ()
Task: {ECE5A37E-BEFF-4541-9611-399593AF7C7B} - System32\Tasks\Searchya => C:\Users\DIRTYL~1\AppData\Roaming\Searchya\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F86BAE49-06AC-47AF-A5A4-049D322EAD6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2097091744-3840588065-2079525431-1000UA => C:\Users\dirtylaptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097091744-3840588065-2079525431-1000Core.job => C:\Users\dirtylaptop\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097091744-3840588065-2079525431-1000UA.job => C:\Users\dirtylaptop\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-04 19:52 - 2013-10-23 01:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-31 08:51 - 2013-07-27 01:48 - 00267040 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libzmq.dll
2012-02-04 00:07 - 2011-07-26 00:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-24 13:04 - 2013-02-24 13:04 - 00704008 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2012-02-04 00:32 - 2007-11-30 12:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2011-08-11 08:27 - 2011-08-11 08:27 - 15490560 _____ () C:\Users\dirtylaptop\AppData\Local\Autobahn\nexdef.exe
2012-02-04 00:44 - 2011-02-14 22:35 - 00249856 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-13 14:33 - 2011-09-13 14:33 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-09-24 20:54 - 2014-09-22 21:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 20:54 - 2014-09-22 21:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2011-08-11 08:27 - 2011-08-11 08:27 - 00020480 _____ () C:\Users\dirtylaptop\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2011-08-11 08:27 - 2011-08-11 08:27 - 00069632 _____ () C:\Users\dirtylaptop\AppData\Local\Autobahn\rt\bin\java.dll
2011-08-11 08:27 - 2011-08-11 08:27 - 00126976 _____ () C:\Users\dirtylaptop\AppData\Local\Autobahn\rt\bin\zip.dll
2011-08-11 08:27 - 2011-08-11 08:27 - 00159744 _____ () C:\Users\dirtylaptop\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2014-09-24 20:54 - 2014-09-22 21:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 20:54 - 2014-09-22 21:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 20:54 - 2014-09-22 21:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2011-05-30 14:48 - 2011-05-30 14:48 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-10-07 14:03 - 2014-10-07 14:03 - 00098816 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32api.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00110080 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\pywintypes27.dll
2014-10-07 14:03 - 2014-10-07 14:03 - 00364544 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\pythoncom27.dll
2014-10-07 14:03 - 2014-10-07 14:03 - 00045568 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\_socket.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 01160704 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\_ssl.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00320512 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32com.shell.shell.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00713216 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\_hashlib.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 01175040 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\wx._core_.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00805888 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\wx._gdi_.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00811008 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\wx._windows_.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 01062400 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\wx._controls_.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00735232 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\wx._misc_.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00128512 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\_elementtree.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00127488 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\pyexpat.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00557056 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\pysqlite2._sqlite.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00007168 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\hashobjs_ext.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00087552 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\_ctypes.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00119808 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32file.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00108544 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32security.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00018432 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32event.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00038912 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32inet.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00070656 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\wx._html2.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00167936 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32gui.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00011264 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32crypt.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00027136 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\_multiprocessing.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00686080 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\unicodedata.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00122368 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\wx._wizard.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00010240 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\select.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00024064 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32pipe.pyd
2014-10-07 14:04 - 2014-10-07 14:04 - 00025600 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32pdh.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00525640 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\windows._lib_cacheinvalidation.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00035840 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32process.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00017408 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32profile.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00022528 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\win32ts.pyd
2014-10-07 14:03 - 2014-10-07 14:03 - 00078336 _____ () C:\Users\dirtylaptop\AppData\Local\Temp\_MEI8242\wx._animate.pyd
2014-09-24 20:54 - 2014-09-22 21:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2097091744-3840588065-2079525431-500 - Administrator - Disabled)
dirtylaptop (S-1-5-21-2097091744-3840588065-2079525431-1000 - Administrator - Enabled) => C:\Users\dirtylaptop
Guest (S-1-5-21-2097091744-3840588065-2079525431-501 - Limited - Enabled) => C:\Users\Guest.dirtylaptop-PC
HomeGroupUser$ (S-1-5-21-2097091744-3840588065-2079525431-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2097091744-3840588065-2079525431-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Module
Description: Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2014 03:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9033
 
Error: (10/07/2014 03:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9033
 
Error: (10/07/2014 03:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/07/2014 03:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019
 
Error: (10/07/2014 03:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019
 
Error: (10/07/2014 03:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/07/2014 03:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error: (10/07/2014 03:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020
 
Error: (10/07/2014 03:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/07/2014 03:52:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6022
 
 
System errors:
=============
Error: (10/07/2014 02:02:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:58:17 PM on ‎10/‎7/‎2014 was unexpected.
 
Error: (10/07/2014 09:19:24 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:18:13 AM on ‎10/‎7/‎2014 was unexpected.
 
Error: (10/07/2014 09:16:34 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa8008009a10, 0xfffff80000b9c3d8, 0xfffffa800edfe5f0)C:\Windows\MEMORY.DMP100714-19827-01
 
Error: (10/07/2014 09:16:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:35:40 AM on ‎10/‎7/‎2014 was unexpected.
 
Error: (10/02/2014 10:45:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:01:39 PM on ‎10/‎1/‎2014 was unexpected.
 
Error: (09/30/2014 02:47:23 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (09/30/2014 02:39:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (09/30/2014 02:38:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: 
%%1056
 
Error: (09/30/2014 02:38:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: 
%%1056
 
Error: (09/30/2014 02:37:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/07/2014 03:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9033
 
Error: (10/07/2014 03:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9033
 
Error: (10/07/2014 03:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/07/2014 03:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019
 
Error: (10/07/2014 03:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019
 
Error: (10/07/2014 03:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/07/2014 03:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error: (10/07/2014 03:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020
 
Error: (10/07/2014 03:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/07/2014 03:52:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6022
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 46%
Total physical RAM: 8097.06 MB
Available physical RAM: 4292.47 MB
Total Pagefile: 16192.3 MB
Available Pagefile: 11745.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:354.24 GB) (Free:245.94 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:344.3 GB) (Free:49.8 GB) NTFS
Drive f: (SEANNS DELL) (Removable) (Total:0.12 GB) (Free:0.06 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5133B78F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=354.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=344.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 123 MB) (Disk ID: 97B22286)
Partition 1: (Active) - (Size=122 MB) - (Type=06)
 
==================== End Of Log ============================

 


Hello,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review



****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*


  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)



Post the log in next reply please...

Kevin
 


Thanks for the update and logs, continue please:

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is Ticked
  • Click on Advanced Settings, ensure the following options are checked:
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 


If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

 

If threats were found

 


  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program

 

Copy and paste the report in next reply.

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin...

 


I have some browser freezes and blue screens still. Combofix and ESET scan pasted below.

 

ComboFix 14-10-04.01 - dirtylaptop 10/09/2014  11:50:13.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8097.5807 [GMT -7:00]
Running from: c:\users\dirtylaptop\Desktop\ComboFix.exe
Command switches used :: c:\users\dirtylaptop\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-09 to 2014-10-09  )))))))))))))))))))))))))))))))
.
.
2014-10-09 18:55 . 2014-10-09 18:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-10-09 18:55 . 2014-10-09 18:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-10-09 18:55 . 2014-10-09 18:55 -------- d-----w- c:\users\Guest.dirtylaptop-PC\AppData\Local\temp
2014-10-09 18:55 . 2014-10-09 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-08 20:19 . 2014-10-08 20:19 -------- d-----w- c:\users\dirtylaptop\AppData\Roaming\Foxit Software
2014-10-08 01:09 . 2014-10-08 01:09 -------- d-----w- c:\users\Public\Foxit Software
2014-10-08 01:09 . 2014-10-08 01:09 -------- d-----w- c:\program files (x86)\Foxit Software
2014-10-08 00:39 . 2014-10-08 00:41 -------- d-----w- C:\FRST
2014-10-07 23:14 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7369DCD4-5E1C-40DF-9249-140614D3928F}\mpengine.dll
2014-10-07 06:15 . 2014-10-09 17:29 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-07 06:14 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-07 06:14 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-07 06:14 . 2014-10-07 06:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-06 21:17 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-02 01:14 . 2014-09-16 23:39 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9115C8D8-812B-47B7-BC9A-FA144B004994}\gapaengine.dll
2014-10-02 01:05 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-02 01:05 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-23 22:33 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-23 22:33 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-12 10:00 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-12 10:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 20:22 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-11 20:22 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 20:21 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-11 20:21 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-11 20:21 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-11 20:21 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-11 20:21 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-11 20:21 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-11 20:21 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-11 20:21 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-11 20:21 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-08 19:48 . 2012-02-04 07:48 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2014-09-22 06:42 . 2013-01-05 02:53 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-16 23:39 . 2012-01-06 08:00 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-12 20:56 . 2013-06-07 00:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-12 20:56 . 2013-06-07 00:41 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-12 10:01 . 2013-01-04 08:41 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-23 02:07 . 2014-09-04 00:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-04 00:07 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-09-04 00:07 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-11 17:14 . 2014-08-11 17:14 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 09:35 . 2014-07-25 09:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47 . 2014-07-25 06:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-18 01:05 . 2014-07-18 01:05 269008 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-07-18 01:05 . 2012-08-31 06:03 125584 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-14 02:02 . 2014-08-16 04:50 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-16 04:50 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"GoogleChromeAutoLaunch_824B6746DD3385702D8273F393D4F2FD"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-09-23 852808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-10-17 47616]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2013-04-22 91096]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-05-25 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
.
c:\users\dirtylaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\dirtylaptop\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TrayMenu.lnk - c:\windows\SysWOW64\C2MP\TrayMenu.exe vlc.ico [2013-2-24 704008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2013/09/02 17:18];c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\000.fcl;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\000.fcl [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys;c:\windows\SYSNATIVE\drivers\NMgamingms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 03:52 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-07 20:56]
.
2014-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 07:50]
.
2014-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 07:50]
.
2014-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097091744-3840588065-2079525431-1000Core.job
- c:\users\dirtylaptop\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-01 07:50]
.
2014-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097091744-3840588065-2079525431-1000UA.job
- c:\users\dirtylaptop\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-01 07:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-08-02 798880]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-09-19 2278504]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-21 1832760]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-09  11:57:26
ComboFix-quarantined-files.txt  2014-10-09 18:57
ComboFix2.txt  2014-10-08 21:01
.
Pre-Run: 273,404,342,272 bytes free
Post-Run: 273,081,339,904 bytes free
.
- - End Of File - - D9C36E7860AC00F65AE7DED9074A8A48
 
ESET Scan:
 
 
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\Chrome_Setup.exe a variant of Win32/AdWare.iBryte.K.gen application cleaned by deleting - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\Adobe Illustrator 10\ADOBE_ILLUSTRATOR_CS5.1_[thethingy]__secure.exe Win32/TopMedia.B potentially unwanted application deleted - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\Blue Ray\cbsidlm-cbsi134-Leawo_Bluray_Player-BP-75914628.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\Blue Ray\cbsidlm-tr1_14-Full_Player-SEO-75902229 (1).exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\Blue Ray\vlc.codec.pack.v2.0.5.1.setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\DVD Rippers\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\Firefox\mozilla firefox setup.exe a variant of Win32/Soft32Downloader.D potentially unwanted application deleted - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\ImgBurn\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\Open Office\openoffice setup.exe a variant of Win32/Soft32Downloader.C potentially unwanted application deleted - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\Print2FAx\cbsidlm-tr1_10a-iPrint2Fax-SEO-10072860.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\dirtylaptop\Documents\Installation Files\VLC media player\vlc media player setup.exe Win32/InstallCore.KN potentially unwanted application deleted - quarantined
 

Thanks for the update and the new logs, continue please:

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Make sure to get the correct version for your system.

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the tool and select “Run as Administrator”; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues/concerns.

 

Thanks,

 

Kevin...


# AdwCleaner v3.311 - Report created 11/10/2014 at 18:24:49

# Updated 30/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : dirtylaptop - DIRTYLAPTOP-PC

# Running from : C:\Users\dirtylaptop\Desktop\adwcleaner_3.311.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\MyPC Backup

Folder Deleted : C:\Users\dirtylaptop\AppData\Local\Conduit

Folder Deleted : C:\Users\dirtylaptop\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\dirtylaptop\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\dirtylaptop\AppData\Roaming\SearchYa

Folder Deleted : C:\Users\dirtylaptop\AppData\Roaming\Strongvault

File Deleted : C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\user.js

File Deleted : C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : Searchya

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\searchya

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\SOFTWARE\BetterSurf

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\InstallCore

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17280

 

 

-\\ Mozilla Firefox v22.0 (en-US)

 

[ File : C:\Users\dirtylaptop\AppData\Roaming\Mozilla\Firefox\Profiles\39x2i4ys.default\prefs.js ]

 

Line Deleted : user_pref("CT3289847.FF19Solved", "true");

Line Deleted : user_pref("CT3289847.UserID", "UN20489894835581255");

Line Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3289847.fullUserID", "UN20489894835581255.IN.20130804173255");

Line Deleted : user_pref("CT3289847.installDate", "04/08/2013 17:32:55");

Line Deleted : user_pref("CT3289847.installSessionId", "{A5E963E8-AF9B-4F7D-9CAE-75E37C3A3CFB}");

Line Deleted : user_pref("CT3289847.installSp", "false");

Line Deleted : user_pref("CT3289847.installerVersion", "1.5.4.5");

Line Deleted : user_pref("CT3289847.keyword", "true");

Line Deleted : user_pref("CT3289847.originalHomepage", "about:home");

Line Deleted : user_pref("CT3289847.originalSearchAddressUrl", "");

Line Deleted : user_pref("CT3289847.originalSearchEngine", "");

Line Deleted : user_pref("CT3289847.originalSearchEngineName", "");

Line Deleted : user_pref("CT3289847.searchRevert", "true");

Line Deleted : user_pref("CT3289847.searchUserMode", "2");

Line Deleted : user_pref("CT3289847.smartbar.homepage", "true");

Line Deleted : user_pref("CT3289847.versionFromInstaller", "10.16.9.6");

Line Deleted : user_pref("CT3289847.xpeMode", "0");

Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

Line Deleted : user_pref("extensions.enabledAddons", "plugin%40getwebcake.com:1.00.01,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0");

Line Deleted : user_pref("extensions.irmysearch.aflt", "dnld2msd");

Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyEtCyEzz0CyEtByDtByBtN0D0Tzu0CyCtCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q");

Line Deleted : user_pref("extensions.irmysearch.cr", "966035953");

Line Deleted : user_pref("extensions.irmysearch.instlRef", "");

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");

Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN20489894835581255&UM=2&SearchSource=13");

Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN20489894835581255&UM=2&q=");

Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");

Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289847");

Line Deleted : user_pref("smartbar.machineId", "MQG+G97G/41Z3PE2PEXFDK5IGZOGB7X8RXN9BWBMO7K4XKQ2AB4YDGEXA/LIH6WLKBRDOWUIAXVDL/PRFV0KUG");

 

-\\ Google Chrome v37.0.2062.124

 

[ File : C:\Users\dirtylaptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Guest.dirtylaptop-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff

 

*************************

 

AdwCleaner[R0].txt - [7007 octets] - [11/10/2014 18:18:56]

AdwCleaner[R1].txt - [7067 octets] - [11/10/2014 18:24:05]

AdwCleaner[s0].txt - [6975 octets] - [11/10/2014 18:24:49]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7035 octets] ##########

 


 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.15, December 2012

Started On Fri Jan 04 00:41:21 2013

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 04 00:41:51 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013

Started On Wed Jan 09 07:13:29 2013

->Scan ERROR: resource process://pid:1144 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:9100 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 07:15:54 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013

Started On Thu Feb 14 03:06:00 2013

->Scan ERROR: resource process://pid:5524 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 14 03:08:41 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.18, March 2013

Started On Thu Mar 14 08:05:02 2013

->Scan ERROR: resource process://pid:9960 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:7656 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:8480 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 14 08:08:17 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.19, April 2013

Started On Wed Apr 10 03:01:43 2013

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 03:03:05 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.20, May 2013

Started On Thu May 16 08:17:23 2013

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu May 16 08:19:34 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013

Started On Sun Jun 16 10:13:18 2013

->Scan ERROR: resource process://pid:28464 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sun Jun 16 10:15:38 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.22, July 2013

Started On Thu Jul 11 10:23:32 2013

->Scan ERROR: resource process://pid:5440 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 11 10:25:01 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)

Started On Fri Aug 16 07:57:47 2013

 

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 16 07:59:31 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)

Started On Fri Sep 13 05:36:22 2013

 

Engine: 1.1.9800.0

Signatures: 1.157.932.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 13 05:37:57 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)

Started On Wed Oct 16 19:10:39 2013

 

Engine: 1.1.9901.0

Signatures: 1.159.530.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 16 19:13:24 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Thu Nov 14 21:30:32 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 14 21:34:32 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)

Started On Thu Jan 02 10:12:26 2014

 

Engine: 1.1.10100.0

Signatures: 1.163.1013.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 02 10:16:16 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)

Started On Mon Jan 20 12:44:59 2014

 

Engine: 1.1.10201.0

Signatures: 1.165.1273.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Jan 20 12:48:59 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)

Started On Mon Feb 24 17:30:59 2014

 

Engine: 1.1.10201.0

Signatures: 1.165.3163.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 24 17:35:02 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)

Started On Thu Mar 13 17:25:04 2014

 

Engine: 1.1.10302.0

Signatures: 1.167.1001.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 13 17:30:14 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)

Started On Sat Apr 19 15:27:20 2014

 

Engine: 1.1.10401.0

Signatures: 1.169.1258.0

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)

Started On Thu Jul 03 13:56:16 2014

 

Engine: 1.1.10600.0

Signatures: 1.175.1113.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 03 13:57:27 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)

Started On Mon Jul 14 09:27:53 2014

 

Engine: 1.1.10701.0

Signatures: 1.177.949.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 14 09:31:13 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)

Started On Sun Aug 17 17:25:55 2014

 

Engine: 1.1.10802.0

Signatures: 1.179.1796.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 17 17:29:46 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Fri Sep 12 03:01:18 2014

 

Engine: 1.1.10904.0

Signatures: 1.183.882.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 12 03:10:06 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Sat Oct 11 18:37:17 2014

 

Engine: 1.1.10904.0

Signatures: 1.183.882.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 11 18:47:18 2014

 

 

Return code: 0 (0x0)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.2 (10.09.2014:1)

OS: Windows 7 Home Premium x64

Ran by dirtylaptop on Sat 10/11/2014 at 18:31:18.76

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CB409EBC-2B02-4F0B-B7DF-BF5E4261C029}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\dirtylaptop\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\dirtylaptop\appdata\local\stronghold_llc"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\dirtylaptop\AppData\Roaming\mozilla\firefox\profiles\39x2i4ys.default\minidumps [16 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 10/11/2014 at 18:34:43.81

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



What is the current status of your system? Any remaining issues or concerns? If none, continue:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

 

Give an update on current status...

 

Thanks,

 

Kevin..


Thanks for the help. I am not sure if my remaining problems are from malware or from faulty hardware. I still get a lot of blue screens that say it's from driver issues, but I have had this problem almost from the day I bought this laptop. Any idea about good sites to work through possible hardware/driver problems for Asus?


Can you zip up and attach this folder: C:\Windows\Minidump

 

Also run this please:

 

Please download VEW by Vino Rosso from HERE and save it to your Desktop.

  • Double-click VEW.exe to start. Vista and Windows 7/8 users: right-click and select "Run as Administrator".
  • Under 'Select log to query...', check the boxes for both Application and System.
  • Under 'Select type to list...', select both Error and Critical.
  • Click the radio button for 'Number of events...' and type 10 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.


 
Please post the Output log in your next reply.
 


Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 14/10/2014 7:59:16 PM

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 15/10/2014 12:02:09 AM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x000223e0 Faulting process id: 0x1468 Faulting application start time: 0x01cfe80a67a90187 Faulting application path: C:\Users\dirtylaptop\AppData\Local\Google\Update\GoogleUpdate.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 815bc4b0-53fe-11e4-b308-c860004148c4

 

Log: 'Application' Date/Time: 14/10/2014 6:48:41 PM

Type: Error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: m->NextScheduledSPRetry 38195472

 

Log: 'Application' Date/Time: 14/10/2014 6:48:41 PM

Type: Error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: m->NextScheduledEvent 38195472

 

Log: 'Application' Date/Time: 14/10/2014 6:48:41 PM

Type: Error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: Continuously busy for more than a second

 

Log: 'Application' Date/Time: 14/10/2014 8:12:16 AM

Type: Error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: m->NextScheduledSPRetry 10016

 

Log: 'Application' Date/Time: 14/10/2014 8:12:16 AM

Type: Error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: m->NextScheduledEvent 10016

 

Log: 'Application' Date/Time: 14/10/2014 8:12:16 AM

Type: Error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: Continuously busy for more than a second

 

Log: 'Application' Date/Time: 14/10/2014 8:12:15 AM

Type: Error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: m->NextScheduledSPRetry 9017

 

Log: 'Application' Date/Time: 14/10/2014 8:12:15 AM

Type: Error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: m->NextScheduledEvent 9017

 

Log: 'Application' Date/Time: 14/10/2014 8:12:15 AM

Type: Error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: Continuously busy for more than a second

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 14/10/2014 8:01:00 PM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

 

Log: 'System' Date/Time: 14/10/2014 2:22:02 AM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

 

Log: 'System' Date/Time: 14/10/2014 12:19:40 AM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

 

Log: 'System' Date/Time: 12/10/2014 7:30:35 PM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

 

Log: 'System' Date/Time: 12/10/2014 4:53:19 PM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 14/10/2014 8:04:36 PM

Type: Error Category: 0

Event: 7032 Source: Service Control Manager

The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.

 

Log: 'System' Date/Time: 14/10/2014 8:04:36 PM

Type: Error Category: 0

Event: 7032 Source: Service Control Manager

The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.

 

Log: 'System' Date/Time: 14/10/2014 8:04:36 PM

Type: Error Category: 0

Event: 7032 Source: Service Control Manager

The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:  An instance of the service is already running.

 

Log: 'System' Date/Time: 14/10/2014 8:03:36 PM

Type: Error Category: 0

Event: 7032 Source: Service Control Manager

The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.

 

Log: 'System' Date/Time: 14/10/2014 8:02:36 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Log: 'System' Date/Time: 14/10/2014 8:02:36 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Log: 'System' Date/Time: 14/10/2014 8:02:36 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Log: 'System' Date/Time: 14/10/2014 8:02:36 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Internet Connection Sharing (ICS) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Log: 'System' Date/Time: 14/10/2014 8:02:36 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Log: 'System' Date/Time: 14/10/2014 8:02:36 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 


Download Portable Windows Repair (all in one) from one of the following:

 

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

 

Unzip the contents into a newly created folder on your desktop.

 

Open the folder and run the tool by right-clicking on Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".

 

 

tweak1.jpg

 

From the main GUI do the following:

 

 

Select Tab 3 and allow it to run Disk check

 

 

tweak2.jpg

 

Select Tab 4 and allow it to run SFC

 

 

tweak3.jpg

 

Select Tab 5 and Create System Restore Point

 

 

tweak4.jpg

 

Select Start Repairs tab => Click the Start

 

 

tweak5.jpg

 

The repairs window will open. Check the boxes as indicated, also the "Restart" option, then select Start...

 

 

tweak6.jpg

 

DON'T use the computer while each scan is in progress.

 

Post the log. To access it, select the "settings" tab > "open log folder" tab; the log will be named _Windows_Repair_Log

 

 

tweak7.jpg

 

 

Let me see that log. Does that make any difference to the crashes?

 

Kevin...


I had hoped your suggested operations had helped resolve the problems I have had with this computer since I had bought it new in the Winter of 2012, however I had several of the other symptoms of malfunction present themselves just now. Upon waking up the laptop from slumber, it soon had Chrome freeze for a few minutes before I forced it to close. The only other application open was a request from Malwarebytes updater requesting I update the software, to which I said yes and then waited about 20 minutes while the application never progressed and appeared to be frozen as well. I tried to cancel the update and when it did not respond, I used the Windows menu to execute a restart. The restart got to the logging off message screen and stalled there for about 10 minutes before the screen went black and would not wake up to key press or any other action, although the hard drive was still spinning and the power lights all remained on. This is typical of previous symptoms. Almost as frequently the computer goes to blue screen. I would love to have someone offer advice on how I might pursue a possible fix after the 12 month warranty has passed on this Asus laptop, especially since I had sent it into them in that 12 month window and all they did was replace the Hard Drive. My concern is that it is a Motherboard manufacturing error and I am without any recourse of having the $1000 dollars I spent on this laptop somehow made good on with a laptop that works for more than a few hours before freezing and resting in a broken state until restart. Any ideas where I could begin to investigate my options?


I understand your frustrations, especially when these issues have been ongoing for so long. The dump files and event logs are not really giving a definite cause; they do seem to indicate a possible hardware issue. I'm not an expert in this type of issue. Do the following, W7 Guys will help for sure...

 

Use this link: http://www.sevenforums.com/ and register at the Windows 7 forum, once registered go to the BSOD section: http://www.sevenforums.com/bsod-help-support/ and open a thread, give them the history such as you gave in your last reply, also attach the minidump folder that you attached in reply #11 here.

 

Apologies I cannot help further, please come back and let me know how you progress at the Windows 7 forum..

 

Thanks,

 

Kevin...


Yep, I agree. I'm predominantly malware removal so am a bit lacking on the technical side of things. Minidumps can give a good indication if they give an exact driver; yours don't, they just repeat ntoskrnl.exe as the probable fault. If you look at the following link you'll understand what I mean...

 

http://en.wikipedia.org/wiki/Ntoskrnl.exe

 

Thanks,

 

Kevin...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.