Jump to content

Browsers having Ad's Pricechop Extension constantly


Ernst
 Share

Recommended Posts

Hello,

 

I have ran Malwarebytes multiple times, and it has always detected the mentioned malware. After selecting quarantine and restarting my PC. The mentioned issue still appears. Disabling the add-on through the browser does not work, as it restarts itself when I reopen the browser.

 

Below are both of the logs from running FRST.

 

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014

Ran by Ernst (administrator) on ERNST-PC on 24-10-2014 19:08:31
Running from C:\Users\Ernst\Downloads
Loaded Profile: Ernst (Available profiles: Ernst)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Spotify Ltd) C:\Users\Ernst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Ernst\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII2E.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Akamai Technologies, Inc.) C:\Users\Ernst\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Unknown Inc) C:\Users\Ernst\Desktop\Mousybot\MousyBot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-12] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-05] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-03] ()
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-06] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-3027588665-1485473133-3475537432-1000\...\Run: [spotify Web Helper] => C:\Users\Ernst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-26] (Spotify Ltd)
HKU\S-1-5-21-3027588665-1485473133-3475537432-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ernst\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3027588665-1485473133-3475537432-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII2E.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3027588665-1485473133-3475537432-1000\...\MountPoints2: {d036f1f4-34b4-11e4-843a-74f06dcc9c56} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.search.us.com/v/2/?guid={0A63077B-D607-4387-A0EC-6A08992641FB}&serpv=5
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: WebDetectorBHO Class -> {43BEAFD9-E005-483D-A367-146BA6C8A32E} -> C:\Users\Ernst\AppData\Local\Tudou\FeisuTudou\tudouDetector.dll (土豆网)
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{54B892A5-0642-4254-98E1-B595AF7E8964}: [NameServer] 8.8.4.4,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\h8ept498.default-1388174032709
FF NewTab: about:blank
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "backup.ftp", "175.143.108.123"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "175.143.108.123"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "175.143.108.123"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "146.82.236.151"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "146.82.236.151"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "146.82.236.151"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "146.82.236.151"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Ernst\AppData\Roaming\rcru\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ernst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Users\Ernst\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Charles Autoconfiguration - C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\h8ept498.default-1388174032709\Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} [2014-10-14]
FF Extension: DownloadHelper - C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\h8ept498.default-1388174032709\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adblock Plus - C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\h8ept498.default-1388174032709\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-03-01]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (pricechOp) - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj [2014-07-13]
CHR Extension: (Flip this) - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\donljlliiecjcagcenoeohjmabfegkph [2014-02-08]
CHR Extension: (AdBlock) - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-27]
CHR Extension: (ChromeReload) - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo [2013-07-27]
CHR Extension: (Google Wallet) - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
S4 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [116736 2010-01-30] (ATI Technologies, Inc.) [File not signed]
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-23] ( )
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-07] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-07] ()
S3 CLVirtualBus01; system32\DRIVERS\CLVirtualBus01.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 19:08 - 2014-10-24 19:09 - 00021676 _____ () C:\Users\Ernst\Downloads\FRST.txt
2014-10-24 19:08 - 2014-10-24 19:08 - 00000000 ____D () C:\FRST
2014-10-24 19:07 - 2014-10-24 19:07 - 02112000 _____ (Farbar) C:\Users\Ernst\Downloads\FRST64.exe
2014-10-22 22:43 - 2014-10-22 23:28 - 2371526643 _____ () C:\Users\Ernst\Desktop\Gayasianporn.biz.Gay_Thai_-_Full_Body_Massage.mp4
2014-10-22 01:45 - 2014-10-22 11:06 - 1024439188 _____ () C:\Users\Ernst\Downloads\Gayasianporn.biz.Gay_Thai_-_Full_Body_Massage.avi
2014-10-15 14:41 - 2014-10-15 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-15 08:57 - 2014-10-15 19:19 - 1137628762 _____ () C:\Users\Ernst\Downloads\Gayasianporn.GBD_257.wmv
2014-10-14 17:40 - 2014-10-15 07:41 - 1523857409 _____ () C:\Users\Ernst\Downloads\Gayasianporn.biz.Tyson_Sportus_Demons_Attack_2.avi
2014-10-14 07:22 - 2014-10-14 07:22 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\Charles
2014-10-14 02:30 - 2014-10-14 02:42 - 72436549 _____ () C:\Users\Ernst\Desktop\Niko Reeves Massage.flv
2014-10-14 02:15 - 2013-05-01 18:58 - 17381325 _____ () C:\Users\Ernst\Desktop\Gayasianporn.biz.Amateur_Thai_guys_1.3.DAT
2014-10-14 02:15 - 2013-05-01 18:58 - 11957613 _____ () C:\Users\Ernst\Desktop\Gayasianporn.biz.Amateur_Thai_guys_1.2.DAT
2014-10-14 01:36 - 2014-10-14 16:54 - 1679110710 _____ () C:\Users\Ernst\Downloads\Gayasianporn.Thick_Cocks_Club.avi
2014-10-14 01:31 - 2014-10-14 04:09 - 677383878 _____ () C:\Users\Ernst\Downloads\Gayasianporn.Taiwanese_Guys.avi
2014-10-05 17:25 - 2014-10-05 17:25 - 00064000 _____ () C:\Users\Ernst\Downloads\civunma-jeqrt-14-p-tables.xls
2014-10-05 15:59 - 2014-10-05 17:11 - 484940233 _____ () C:\Users\Ernst\Desktop\The Normal Heart.flv
2014-10-04 22:26 - 2014-10-04 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-10-04 22:26 - 2014-10-04 22:26 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-10-04 22:25 - 2014-10-06 18:49 - 00000000 ____D () C:\ProgramData\EPSON
2014-10-04 22:25 - 2011-04-18 18:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMI2E.DLL
2014-10-04 22:25 - 2011-03-13 18:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BI2E.DLL
2014-10-04 22:25 - 2007-04-09 16:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-10-04 00:46 - 2014-10-04 00:46 - 00002803 _____ () C:\Users\Public\Desktop\EPubsoft Kindle MOBI AZW DRM Removal.lnk
2014-10-04 00:46 - 2014-10-04 00:46 - 00000000 ____D () C:\Users\Ernst\Documents\Epubsoft
2014-10-04 00:46 - 2014-10-04 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-10-04 00:46 - 2014-10-04 00:46 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-10-04 00:46 - 2014-10-04 00:46 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-10-04 00:44 - 2014-10-04 00:44 - 00000000 ____D () C:\Users\Ernst\Desktop\Gai Mizuki - Over Love Over
2014-10-04 00:32 - 2014-10-04 00:45 - 00000000 ____D () C:\Users\Ernst\Documents\My Kindle Content
2014-10-04 00:32 - 2014-10-04 00:32 - 00002000 _____ () C:\Users\Ernst\Desktop\Kindle.lnk
2014-10-04 00:32 - 2014-10-04 00:32 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-04 00:32 - 2014-10-04 00:32 - 00000000 ____D () C:\Users\Ernst\AppData\Local\Amazon
2014-10-04 00:32 - 2014-10-04 00:32 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-10-03 15:24 - 2014-10-03 17:48 - 407248674 _____ () C:\Users\Ernst\Desktop\The Case Against 8.flv
2014-09-30 01:16 - 2014-09-30 01:16 - 00009460 _____ () C:\Users\Ernst\Downloads\[kickass.to]x.men.days.of.future.past.2014.720p.brrip.x264.yify.torrent
2014-09-27 14:58 - 2014-09-27 16:42 - 71024382 _____ () C:\Users\Ernst\Desktop\Asian jock moaning at end of edge session .mp4
2014-09-26 01:04 - 2014-10-22 01:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 19:06 - 2014-06-27 23:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 19:05 - 2014-06-27 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 19:05 - 2014-06-27 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 19:05 - 2013-07-27 18:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 18:48 - 2011-03-01 15:26 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 16:48 - 2011-03-01 15:26 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 07:07 - 2011-03-01 15:13 - 02072265 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 23:33 - 2013-11-02 04:15 - 00002756 _____ () C:\Windows\System32\Tasks\AutoKMSDaily
2014-10-23 23:33 - 2013-11-02 04:14 - 00000218 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-10-23 23:33 - 2013-10-05 02:27 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-10-23 02:11 - 2013-09-04 15:51 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\VidCoder
2014-10-22 03:04 - 2009-07-14 12:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 03:04 - 2009-07-14 12:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 01:36 - 2013-07-27 19:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-21 23:36 - 2009-07-14 13:13 - 00798570 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 23:33 - 2013-10-05 02:28 - 00000216 _____ () C:\Windows\Tasks\AutoKMS.job
2014-10-21 23:32 - 2013-10-19 15:24 - 00018802 _____ () C:\Windows\setupact.log
2014-10-21 23:32 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 05:10 - 2014-01-02 10:36 - 00000514 _____ () C:\Users\Ernst\Desktop\rmb so far list.txt
2014-10-15 09:01 - 2014-07-13 08:05 - 00000000 ____D () C:\Users\Ernst\Desktop\Mousybot
2014-10-12 06:20 - 2013-07-27 18:48 - 00000000 ____D () C:\Windows\pss
2014-10-12 01:51 - 2013-08-28 05:18 - 00000000 ____D () C:\Users\Ernst\AppData\Roaming\BitComet
2014-10-08 15:11 - 2013-10-20 23:59 - 00068698 _____ () C:\Windows\PFRO.log
2014-10-08 15:11 - 2011-03-01 16:06 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-10-06 18:33 - 2011-03-01 16:04 - 00002206 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-10-06 18:32 - 2009-07-29 14:03 - 00000000 ____D () C:\Windows\Panther
2014-10-04 00:50 - 2013-07-25 23:25 - 00000000 ____D () C:\Users\Ernst\Desktop\Desktop Shortcuts
2014-10-02 15:53 - 2013-07-27 19:22 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2014-06-27 23:10 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-06-27 23:10 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2013-07-27 18:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 00:55 - 2011-03-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-27 00:54 - 2014-08-25 20:40 - 00000000 ____D () C:\Users\Ernst\Tracing
 
Some content of TEMP:
====================
C:\Users\Ernst\AppData\Local\Temp\1_Offer_2.exe
C:\Users\Ernst\AppData\Local\Temp\6_Offer_4.exe
C:\Users\Ernst\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Ernst\AppData\Local\Temp\ExPromo.exe
C:\Users\Ernst\AppData\Local\Temp\ffmpeg16.exe
C:\Users\Ernst\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.15.exe
C:\Users\Ernst\AppData\Local\Temp\htmlayout.dll
C:\Users\Ernst\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ernst\AppData\Local\Temp\tmpC477.exe
C:\Users\Ernst\AppData\Local\Temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 00:50
 
==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014

Ran by Ernst at 2014-10-24 19:10:10
Running from C:\Users\Ernst\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 13.10.100.30604 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{C62150B2-D4EE-A87D-F2AF-94E94F71AB6A}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80604.1838 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.12 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{41545534-2D56-3700-76A7-A758B70C0300}) (Version: 12.3.0.849 - APN, LLC) <==== ATTENTION
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
BitComet 1.36 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.36 - CometNetwork)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - Oberon Media Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Charles 3.8.1 (HKLM\...\{6D2BEDF9-06CA-42FF-B6C2-EB6B935041D3}) (Version: 3.8.1.2 - XK72 Ltd)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Child of Light (HKLM-x32\...\Q2hpbGRvZkxpZ2h0_is1) (Version: 1 - )
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.7 - ASUS)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daum PotPlayer 1.5.39036 (HKLM-x32\...\PotPlayer) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPubsoft Kindle MOBI AZW DRM Removal 8.3.5 (HKLM-x32\...\{61F7C273-C127-49ED-B2D4-D9A421ECEBE4}) (Version: 8.3.5 - EPUBSOFT)
ETDWare PS/2-x64 7.0.5.12_WHQL (HKLM\...\Elantech) (Version: 7.0.5.12 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GetFLV 9.5.6.9 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Luxor 3 (HKLM-x32\...\Luxor 3) (Version:  - Oberon Media Inc.)
Macro Recorder 5.7.4 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.4 - Jitbit Software)
Magic DVD Ripper V8.1.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Ó°ÒôºÐ×Ó(MediaBox) 1.2.0.353 (HKLM-x32\...\MediaBox) (Version: 1.2.0.353 - Hensence.com)
Ragnarok Online2 (HKLM-x32\...\{3C6A9286-2A4B-43DF-A322-01ABFFDCD248}) (Version: 2.00.0000 - Gravity)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.6-1.0.8500.17 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.6200 - SRS Labs, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
The AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - The AdBlocker) <==== ATTENTION
Tom Clancy`s Splinter Cell® Blacklist™ (HKLM-x32\...\Tom Clancy`s Splinter Cell® Blacklist™_is1) (Version: 1.01 - R.G. Revenants)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VidCoder 1.4.25 (x86) (HKLM-x32\...\VidCoder_is1) (Version: 1.4.25 - RandomEngy)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (HKLM\...\F9FD5BBF579A4BFD40D38BE291F731666B27DC28) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (06/11/2009 6.2.0.9500) (HKLM\...\0E74EB10C05C955C24243E6D3120CDC972FC5B1D) (Version: 06/11/2009 6.2.0.9500 - Broadcom)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.2 - ASUS)
Winkawaks 1.61 (HKLM-x32\...\Winkawaks 1.61) (Version:  - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.0.3 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.17 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version:  - Oberon Media Inc.)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {4352C65B-1C9C-4033-88CD-827EDAB8753B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5E71E12D-C0CA-40EA-BF00-4B39EE8B3133} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
Task: {6457B261-28C7-499C-9837-F78F68D27955} - System32\Tasks\4705 => Wscript.exe C:\Users\Ernst\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {7757E2A7-2660-49E6-9FEA-91F470A2A72E} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-03] (ASUS)
Task: {792E1C65-1853-4A11-976A-FB3A44FF9DDF} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {7A1B8006-C242-4863-AF47-26C761D71C2B} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2013-10-05] ()
Task: {7E19946C-59EF-4DF9-8975-141BBBA7BDC0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-10-05] ()
Task: {8934D2B2-A844-4CC0-9369-A3E59F85FE0B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-23] (Piriform Ltd)
Task: {C29042D7-2117-44BD-A2A7-102D021A4E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DD21F9B4-B0FF-4AEB-AAE9-CA6C444B5B25} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-08-01] (ASUS)
Task: {E9F4C443-8281-435D-93C6-1986B201C004} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-29] (ATK)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-17 06:34 - 2014-05-17 06:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2011-03-01 15:39 - 2010-09-17 16:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-03-01 15:39 - 2010-09-17 16:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-08-03 08:54 - 2009-08-03 08:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-03-01 16:04 - 2007-12-01 03:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-04-03 11:21 - 2008-10-01 15:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-12 02:27 - 2010-01-12 02:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-06 10:22 - 2010-05-06 10:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll
2010-07-03 05:36 - 2010-07-03 05:36 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-17 08:11 - 2014-05-17 08:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-05-17 08:37 - 2014-05-17 08:37 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2009-11-03 06:20 - 2009-11-03 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-03 06:23 - 2009-11-03 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-13 18:43 - 2014-06-05 21:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 18:43 - 2014-06-05 21:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 18:43 - 2014-06-05 21:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 18:43 - 2014-06-05 21:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 18:43 - 2014-06-05 21:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-12 00:27 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
2014-10-15 14:41 - 2014-10-15 14:41 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ernst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Æô¶¯·ÉËÙÍÁ¶¹.lnk => C:\Windows\pss\Æô¶¯·ÉËÙÍÁ¶¹.lnk.Startup
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: Spotify => "C:\Users\Ernst\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ernst\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: Syncables => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3027588665-1485473133-3475537432-500 - Administrator - Disabled)
Ernst (S-1-5-21-3027588665-1485473133-3475537432-1000 - Administrator - Enabled) => C:\Users\Ernst
Guest (S-1-5-21-3027588665-1485473133-3475537432-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/24/2014 00:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (10/23/2014 00:00:03 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (10/22/2014 04:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (10/22/2014 03:02:06 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (10/21/2014 10:07:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2bdc
 
Start Time: 01cfed384dfd8a07
 
Termination Time: 9
 
Application Path: C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe
 
Report Id: 982f212f-592b-11e4-bc61-74f06dcc9c56
 
Error: (10/21/2014 05:53:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (10/21/2014 00:21:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (10/17/2014 00:46:42 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (10/16/2014 00:02:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (10/15/2014 09:41:05 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
 
System errors:
=============
Error: (10/21/2014 11:49:37 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{54B892A5-0642-4254-98E1-B595AF7E8964}.
The backup browser is stopping.
 
Error: (10/21/2014 11:34:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (10/21/2014 11:32:20 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The ATKGFNEX Service service depends the following service: ASMMAP64. This service might not be installed.
 
Error: (10/12/2014 06:15:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/12/2014 06:15:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TeamViewer 8 service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (10/12/2014 06:14:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 8 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (10/12/2014 06:14:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (10/12/2014 06:14:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/08/2014 03:13:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (10/08/2014 03:11:25 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The ATKGFNEX Service service depends the following service: ASMMAP64. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
Error: (10/24/2014 00:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (10/23/2014 00:00:03 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (10/22/2014 04:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (10/22/2014 03:02:06 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (10/21/2014 10:07:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PotPlayerMini.exe0.0.0.02bdc01cfed384dfd8a079C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe982f212f-592b-11e4-bc61-74f06dcc9c56
 
Error: (10/21/2014 05:53:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (10/21/2014 00:21:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (10/17/2014 00:46:42 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (10/16/2014 00:02:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (10/15/2014 09:41:05 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-27 00:16:24.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-27 00:16:16.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 76%
Total physical RAM: 3947.53 MB
Available physical RAM: 945.21 MB
Total Pagefile: 7893.25 MB
Available Pagefile: 3260.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:248.96 GB) (Free:68.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (New Volume) (Fixed) (Total:195.31 GB) (Free:44.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=249 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Link to post
Share on other sites

Minion%20Welcome.jpg

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

warning.gif Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.


Post MBAM report for my analysis.

You have got the new variant which alters the Chrome internals.

JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.

Link to post
Share on other sites

Hey there, here are the below 3 logs you requested for.

 

MBAM

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 10/24/2014
Scan Time: 7:45:54 PM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.24.04
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ernst
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346539
Time Elapsed: 29 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.GboxApp.A, C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.gboxapp.com/",), ,[04801503b1cbf83ec4e0441aaa5bd42c]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ernst on Fri 10/24/2014 at 19:44:17.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Ernst\AppData\Roaming\mozilla\firefox\profiles\h8ept498.default-1388174032709\prefs.js
 
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.RGo.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||u
user_pref("extensions.eoosx.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1|
user_pref("extensions.eoosx.url", "hxxp://getjpi2.info/sync2/?q=hfZ9ofV9CShEAen0pjg4tMqLDe49CNU0jlUMCMlNhd9Fqda6rjrEqdn7rjrMBzqUojw9rdUEqHw5rdaHpih7hfs0pihPBMn0pdUHpja8qjY4pdg
user_pref("extensions.fEaGMHc2Pw1.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\
user_pref("extensions.hww.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||u
user_pref("extensions.iZf4.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||
user_pref("extensions.qkPr.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||
Emptied folder: C:\Users\Ernst\AppData\Roaming\mozilla\firefox\profiles\h8ept498.default-1388174032709\minidumps [43 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/24/2014 at 19:54:46.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Adwcleaner

 

# AdwCleaner v4.001 - Report created 24/10/2014 at 19:39:15

# DB v2014-10-23.2
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ernst - ERNST-PC
# Running from : C:\Users\Ernst\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : APNMCP
[#] Service Deleted : hshld
[#] Service Deleted : hsswd
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Ernst\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Ernst\AppData\Roaming\EZDownloader
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Ernst\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\Fun22SavE
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj
Folder Deleted : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj
[!] Folder Deleted : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj
[!] Folder Deleted : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihlknogfdcbopnmmmegahiokppaiomj
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_itools-iphone-manager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_itools-iphone-manager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16496
 
 
-\\ Mozilla Firefox v33.0 (x86 en-US)
 
 
-\\ Google Chrome v35.0.1916.153
 
 
*************************
 
AdwCleaner[R0].txt - [8306 octets] - [24/10/2014 19:32:51]
AdwCleaner[s0].txt - [7492 octets] - [24/10/2014 19:39:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7552 octets] ##########
 

 

Link to post
Share on other sites

Are you running a pirated version of MS Office?

 

 

EDIT::

No, it hasn't. You only think that, but bare In mind what I told you prior. You have a new variant, which won't go away so easily. The lack of symptoms doesn't mean that your machine is fully operational.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.