CPU running high untill task manager or process explorer is opened

[Para]

Hi i am having an issue with my cpu usage it is running at 50-70% sometimes higher unless i open task manager then with in 1-2 secounds i will watch it drop back to normal 2-5% i don't know how to slove this issue. So far i have run security scans with trendmicro and mcafee but they have found no problems. I have also noticed that my internet speed drops alot sometimes for no reason that i can see, i dont know if it is the same issue or something alse.

 

any assistance will be much appreciated

 

here is my computer's basic running system

 

Windows 8.1

Processor: AMD FX-8350 Eight-Core Processor 4.30GHz

RAM: 16GB

System Type: 64-bit Operating System, x64-based processor

 

p.s I know very little about these kinds of problems

thank you

[Psychotic]

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 

• Run FRST.
• Don´t change one of the checkboxes and hit Scan.
• Logfiles are created on your desktop.
• Poste the FRST.txt and (after the first scan only!) the Addition.txt.
  

 
 
 
 
 Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

• Double click the aswMBR.exe icon, and click Run.
• There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
• When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
• Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
• Click the Scan button to start the scan once the update has finished downloading
• On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
  

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

[Para]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(© 2015 Microsoft Corporation) C:\Users\temhe_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sysinternals - www.sysinternals.com) C:\Users\temhe_000\Documents\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\temhe_000\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\temhe_000\AppData\Roaming\BitTorrent\BitTorrent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266688 2015-05-04] (Trend Micro Inc.)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2020952 2015-05-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-21] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-07] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [43871968 2015-06-27] (Dropbox, Inc.)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [bingSvc] => C:\Users\temhe_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [steam] => D:\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [EADM] => D:\Origin\Origin.exe [3632112 2015-06-30] (Electronic Arts)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [Akamai NetSession Interface] => "C:\Users\temhe_000\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-06-21] (Overwolf LTD)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4711000 2015-06-02] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-1800742781-42368032-4135958153-1004\...\Run: [HydraVisionDesktopManager] => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&q={searchTerms}
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-au
HKU\S-1-5-21-1800742781-42368032-4135958153-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1800742781-42368032-4135958153-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1800742781-42368032-4135958153-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1800742781-42368032-4135958153-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&ts=1424922239&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1800742781-42368032-4135958153-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&ts=1424922239&type=default&q={searchTerms}
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-05-05] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-07-01] (Trend Micro Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\TmBpIe64.dll [2015-05-21] (Trend Micro Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-05-05] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-26] (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-07-01] (Trend Micro Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\TmBpIe32.dll [2015-05-21] (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-26] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-05-05] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-05-05] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\TmBpIe64.dll [2015-05-21] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\TmBpIe32.dll [2015-05-21] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-07-01] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-07-01] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2014-07-21] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2014-07-21] (Trend Micro Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9 15 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Winsock: Catalog9-x64 15 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{1CCBB7F8-A53B-4FAC-B11B-F57AF707F6FA}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8103ABD3-E500-441C-95E5-C3DD0398D7F6}: [DhcpNameServer] 10.0.0.138
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C

FireFox:
========
FF ProfilePath: C:\Users\temhe_000\AppData\Roaming\Mozilla\Firefox\Profiles\7cdpjbag.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-10] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-10] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\firefoxextension [2015-06-18]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2015-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-04-12]
FF HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-25] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-05] (Dropbox, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2004488 2015-06-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1000688 2015-06-21] (Overwolf LTD)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187328 2015-05-04] (Trend Micro Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-27] ()
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333848 2015-05-05] (Trend Micro Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [X]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2015-01-30] (Trend Micro Inc.)
S0 megasas2; C:\Windows\System32\drivers\megasas2.sys [60656 2013-06-28] (LSI Corporation)
S0 rcraid; C:\Windows\System32\drivers\rcraid.sys [533680 2013-09-13] (AMD, Inc.)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [122432 2015-04-24] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [307344 2015-04-24] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-10] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [106296 2014-07-10] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2014-07-10] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [93616 2015-04-24] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [407864 2014-07-10] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [106296 2014-07-01] (Trend Micro Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S4 {291bfea4-019b-41de-a68d-736bec29b080}Gw64;  [X]
S4 {a55667f1-a319-4629-a8b6-a68d9d3313ee}Gw64;  [X]
S4 {d3faa606-99ad-4927-8f30-167a217dc4db}Gw64;  [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 23:06 - 2015-07-13 23:06 - 00027037 _____ C:\Users\temhe_000\Downloads\FRST.txt
2015-07-13 23:06 - 2015-07-13 23:06 - 00000000 ____D C:\FRST
2015-07-13 23:05 - 2015-07-13 23:05 - 02133504 _____ (Farbar) C:\Users\temhe_000\Downloads\FRST64.exe
2015-07-13 21:01 - 2015-07-13 21:23 - 00000000 ____D C:\Users\temhe_000\Desktop\The Forger (2014)
2015-07-13 18:32 - 2015-07-13 19:00 - 00000000 ____D C:\Users\temhe_000\Desktop\The Interview (2014) [1080p]
2015-07-13 17:58 - 2015-07-13 17:58 - 00003486 _____ C:\Windows\System32\Tasks\{A04C9703-9FFD-4A70-83E0-2769C96852C1}
2015-07-13 16:22 - 2015-07-13 16:22 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-07-13 16:22 - 2015-07-13 16:22 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-07-13 16:22 - 2015-07-13 16:22 - 00001154 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-07-13 16:22 - 2015-07-13 16:22 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2015-07-13 16:15 - 2015-07-13 22:11 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-07-13 15:53 - 2015-07-13 15:53 - 00000000 ____D C:\Users\temhe_000\Documents\ProcessExplorer
2015-07-11 00:07 - 2015-07-11 00:07 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Trove
2015-07-10 22:27 - 2015-07-11 19:33 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Glyph
2015-07-10 22:27 - 2015-07-10 22:28 - 00000000 ____D C:\ProgramData\Glyph
2015-07-10 22:27 - 2015-07-10 22:27 - 00000646 _____ C:\Users\temhe_000\Desktop\Glyph.lnk
2015-07-10 22:27 - 2015-07-10 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-07-06 19:11 - 2015-07-06 19:13 - 00000000 ____D C:\Users\temhe_000\Desktop\Screeny
2015-07-05 18:52 - 2015-07-13 14:16 - 00000000 ___RD C:\Users\temhe_000\Dropbox
2015-07-05 18:52 - 2015-07-05 18:52 - 00001249 _____ C:\Users\temhe_000\Desktop\Dropbox.lnk
2015-07-05 18:52 - 2015-07-05 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-05 18:51 - 2015-07-05 18:51 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Dropbox
2015-07-05 18:50 - 2015-07-13 22:55 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-05 18:50 - 2015-07-13 18:55 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-05 18:50 - 2015-07-05 18:52 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-05 18:50 - 2015-07-05 18:50 - 00003894 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-05 18:50 - 2015-07-05 18:50 - 00003658 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-05 18:49 - 2015-07-13 14:16 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Dropbox
2015-07-05 18:49 - 2015-07-05 18:49 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-05 16:34 - 2015-07-06 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-04 14:51 - 2015-07-04 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-04 14:51 - 2015-07-04 14:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-01 11:35 - 2015-07-01 11:37 - 00000000 ____D C:\Users\temhe_000\Desktop\Local in melbourne
2015-06-29 10:53 - 2015-07-04 14:51 - 00001954 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-06-29 10:53 - 2015-07-04 14:51 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-06-29 10:53 - 2015-06-29 10:53 - 00000000 ____D C:\ProgramData\McAfee
2015-06-29 10:23 - 2015-06-29 10:23 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Macromedia
2015-06-29 00:49 - 2015-06-29 00:50 - 00000023 _____ C:\Users\temhe_000\Desktop\New Text Document.txt
2015-06-23 16:52 - 2015-07-06 23:23 - 00000000 ____D C:\Users\temhe_000\Desktop\Series
2015-06-23 16:36 - 2015-06-23 16:36 - 00000177 _____ C:\Users\rosem_000\Desktop\Personal - Online Banking  ANZ.url
2015-06-22 19:26 - 2015-06-22 19:26 - 00000000 ____D C:\Crash
2015-06-22 15:19 - 2015-06-22 15:19 - 00000650 _____ C:\Users\temhe_000\Desktop\PlanetSide 2.lnk
2015-06-22 15:19 - 2015-06-22 15:19 - 00000650 _____ C:\Users\temhe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
2015-06-22 15:19 - 2015-06-22 15:19 - 00000000 ____D C:\Users\temhe_000\AppData\Local\SCE
2015-06-21 02:26 - 2015-06-21 02:26 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-06-21 02:12 - 2015-06-21 02:12 - 00000000 ____D C:\Users\temhe_000\AppData\Local\PunkBuster
2015-06-20 21:42 - 2015-06-20 21:43 - 00000000 ____D C:\Users\temhe_000\Documents\Battlefield 4
2015-06-20 21:41 - 2015-06-20 21:41 - 00000000 ____D C:\Users\temhe_000\AppData\Local\ESN
2015-06-20 21:40 - 2015-06-20 21:40 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-20 21:37 - 2015-07-06 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-20 21:37 - 2015-06-20 21:38 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Mozilla
2015-06-20 21:37 - 2015-06-20 21:38 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Mozilla
2015-06-20 21:37 - 2015-06-20 21:37 - 00001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-20 21:37 - 2015-06-20 21:37 - 00001166 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-20 21:37 - 2015-06-20 21:37 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-19 18:03 - 2015-06-19 18:03 - 00000548 _____ C:\Users\temhe_000\Desktop\World of Warships.lnk
2015-06-19 18:03 - 2015-06-19 18:03 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-06-16 19:45 - 2015-06-16 19:45 - 00000000 ____D C:\ProgramData\WarThunder
2015-06-13 10:08 - 2015-06-13 10:08 - 00000000 ____D C:\Users\rosem_000\AppData\Local\Adobe
2015-06-13 00:45 - 2015-06-13 00:45 - 00000998 _____ C:\Users\Public\Desktop\WTFast.lnk
2015-06-13 00:45 - 2015-06-13 00:45 - 00000000 ____D C:\Users\temhe_000\AppData\Local\AAA_Internet_Publishing,_
2015-06-13 00:45 - 2015-06-13 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
2015-06-13 00:45 - 2015-06-13 00:45 - 00000000 ____D C:\Program Files (x86)\WTFast
2015-06-13 00:45 - 2015-04-08 15:15 - 00079464 _____ (Initex) C:\Windows\system32\WTFastDrv.dll
2015-06-13 00:45 - 2015-04-08 15:15 - 00072296 _____ (Initex) C:\Windows\SysWOW64\WTFastDrv.dll
2015-06-13 00:45 - 2015-04-08 15:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 23:02 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-13 22:36 - 2015-02-24 23:02 - 01761759 _____ C:\Windows\WindowsUpdate.log
2015-07-13 22:08 - 2015-05-02 19:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 21:28 - 2015-05-15 15:35 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\BitTorrent
2015-07-13 20:42 - 2015-02-25 10:18 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3E5ED26C-DD0F-461A-B7C6-2303AD0B0067}
2015-07-13 19:09 - 2014-03-18 20:03 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 18:45 - 2015-04-01 17:39 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\.minecraft
2015-07-13 18:40 - 2015-02-25 10:03 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1800742781-42368032-4135958153-1003
2015-07-13 18:34 - 2015-05-24 18:31 - 00007650 _____ C:\Users\temhe_000\AppData\Local\Resmon.ResmonCfg
2015-07-13 18:12 - 2014-06-12 13:09 - 00000000 ____D C:\ProgramData\Temp
2015-07-13 18:03 - 2014-06-12 13:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-13 18:03 - 2014-06-12 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2015-07-13 18:03 - 2014-06-12 13:09 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-07-13 17:33 - 2015-04-02 16:57 - 00000000 ___HD C:\TMRescueDisk
2015-07-13 14:15 - 2015-02-25 10:01 - 00000000 __RDO C:\Users\temhe_000\OneDrive
2015-07-10 23:08 - 2015-05-02 19:43 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-10 22:41 - 2013-08-23 01:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-10 22:08 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-07 07:24 - 2013-08-23 01:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-07 07:24 - 2013-08-23 01:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 22:48 - 2013-08-23 00:46 - 00073697 _____ C:\Windows\setupact.log
2015-07-05 18:52 - 2015-02-25 09:57 - 00000000 ____D C:\Users\temhe_000
2015-07-05 03:51 - 2015-04-14 13:15 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Skype
2015-07-03 13:53 - 2015-05-02 19:43 - 00000000 ____D C:\Users\temhe_000\Documents\888poker
2015-07-03 04:28 - 2015-05-23 23:29 - 00000000 ____D C:\ProgramData\Origin
2015-07-02 21:51 - 2015-05-27 22:12 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-02 21:51 - 2015-05-27 22:12 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-07-02 00:53 - 2015-04-14 13:25 - 00000000 ____D C:\Users\temhe_000\Documents\Youcam
2015-06-30 18:27 - 2015-05-31 19:13 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\TS3Client
2015-06-29 18:38 - 2015-03-08 12:00 - 00000010 _____ C:\Users\temhe_000\AppData\Local\sponge.last.runtime.cache
2015-06-29 13:14 - 2015-05-31 19:14 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-06-29 10:55 - 2015-03-04 13:44 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Adobe
2015-06-23 16:56 - 2015-06-10 17:17 - 00000000 ____D C:\Users\temhe_000\Desktop\Movies
2015-06-23 16:37 - 2015-05-01 21:26 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1800742781-42368032-4135958153-1004
2015-06-23 16:22 - 2015-05-01 21:26 - 00000000 ____D C:\Users\rosem_000\OneDrive
2015-06-22 15:19 - 2015-02-25 11:08 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-06-20 21:42 - 2015-05-23 23:33 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Origin
2015-06-20 21:42 - 2015-05-23 23:29 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-20 21:38 - 2015-05-16 20:28 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Raptr
2015-06-19 17:36 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-19 17:34 - 2015-03-08 10:55 - 00003540 _____ C:\Windows\System32\Tasks\Trend Micro Inspect of Platinum
2015-06-19 17:34 - 2014-03-18 19:54 - 14425922 _____ C:\Windows\PFRO.log
2015-06-19 17:34 - 2013-08-23 00:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 17:34 - 2013-08-22 23:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-18 18:47 - 2015-05-12 20:50 - 00000000 ____D C:\Users\temhe_000\AppData\Local\WinZip
2015-06-16 20:14 - 2015-05-16 21:12 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Warframe
2015-06-13 10:12 - 2015-05-01 21:29 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6F798860-9952-403E-8E6D-BF43F1019501}
2015-06-13 10:08 - 2015-05-01 21:17 - 00000000 ____D C:\Users\rosem_000\AppData\Roaming\Adobe
2015-06-13 09:54 - 2015-05-01 21:30 - 00000000 __SHD C:\Users\rosem_000\AppData\Local\EmieUserList
2015-06-13 09:54 - 2015-05-01 21:30 - 00000000 __SHD C:\Users\rosem_000\AppData\Local\EmieSiteList
2015-06-13 09:54 - 2015-05-01 21:30 - 00000000 __SHD C:\Users\rosem_000\AppData\Local\EmieBrowserModeList

==================== Files in the root of some directories =======

2015-03-05 04:42 - 2015-03-05 04:42 - 0000036 _____ () C:\Users\temhe_000\AppData\Local\housecall.guid.cache
2015-05-16 02:04 - 2015-05-16 02:04 - 0012633 _____ () C:\Users\temhe_000\AppData\Local\recently-used.xbel
2015-05-24 18:31 - 2015-07-13 18:34 - 0007650 _____ () C:\Users\temhe_000\AppData\Local\Resmon.ResmonCfg
2015-03-08 12:00 - 2015-06-29 18:38 - 0000010 _____ () C:\Users\temhe_000\AppData\Local\sponge.last.runtime.cache
2014-06-12 12:03 - 2014-06-12 12:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\rosem_000\AppData\Local\Temp\tmp5F0E.exe
C:\Users\temhe_000\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

==================== Accounts: =============================

Administrator (S-1-5-21-1800742781-42368032-4135958153-500 - Administrator - Disabled)
Guest (S-1-5-21-1800742781-42368032-4135958153-501 - Limited - Disabled)
rosem_000 (S-1-5-21-1800742781-42368032-4135958153-1004 - Limited - Enabled) => C:\Users\rosem_000
temhe_000 (S-1-5-21-1800742781-42368032-4135958153-1003 - Administrator - Enabled) => C:\Users\temhe_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

888poker (HKLM-x32\...\888poker) (Version:  - )
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3328 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9729 - CyberLink Corp.)
CyberLink YouCam 3.1 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.29 - Dropbox, Inc.) Hidden
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015INT_is1) (Version: 1.2.0.0 - GIANTS Software)
GIANTS Editor 6.0.3 64-bit (HKLM-x32\...\giants_editor_6.0.3_win64_is1) (Version: 6.0.3 - GIANTS Software GmbH)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1800742781-42368032-4135958153-1004\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.86.89.0 - Overwolf Ltd.)
PlanetSide 2 (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7154 - Realtek Semiconductor Corp.)
Security Task Manager 2.1 (HKLM-x32\...\Security Task Manager) (Version: 2.1 - Neuber Software)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - En Masse Entertainment)
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1176 - Trend Micro Inc.)
Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden
Trove North America (HKLM-x32\...\Glyph Trove North America) (Version:  - Trion Worlds, Inc.)
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
War Thunder Launcher 1.0.1.530 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Warframe (HKLM-x32\...\{6D431C84-968F-4665-9BA4-A6087D8FB5B9}) (Version: 1.0.0 - Digital Extremes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.6.464 - Initex & AAA Internet Publishing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1800742781-42368032-4135958153-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-1800742781-42368032-4135958153-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll No Fi (the data entry has 2 more characters).

==================== Restore Points =========================

25-06-2015 16:16:24 Scheduled Checkpoint
02-07-2015 15:01:18 Installed VirtualDJ 8
10-07-2015 22:41:30 Windows Update
13-07-2015 16:17:01 Uninstall "Casino.com"

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {393AEA18-38C0-4AE1-8BC1-ECFFA9C5667D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {3DDEEBA7-3208-4B47-BD0A-AD191369FCF0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {49F7313C-2BDA-486E-B96B-D58DD94DAC6E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {7C2C1D91-F4A2-44D6-9FA1-637B27EA1B7B} - \Microsoft OneDrive Auto Update Task-S-1-5-21-1800742781-42368032-4135958153-500 No Task File <==== ATTENTION
Task: {88555C9B-BA38-4C45-A9CF-3837AE953384} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2015-05-04] (Trend Micro Inc.)
Task: {B127009B-0E53-493B-B340-C6D642D2099B} - System32\Tasks\{A04C9703-9FFD-4A70-83E0-2769C96852C1} => pcalua.exe -a C:\Users\temhe_000\AppData\Local\Casino.com\internalCasinoSetupUninstall1435299124951_na_en.exe -c  /executeuninstall /trafficsource='533969' /profile='18' /userid='DDFE5A7275C04814AEE75D91A116DE77' /skinid='casinocom_new_notif' /fallbackfolder=''
Task: {DF74DD28-A6B9-4D73-B578-9A3CC27E58DD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {EE30C1E0-0F2F-4E1E-90AE-3DB8897305B9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {F18ACDF8-4C43-458C-8353-E693C580E382} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10] (Adobe Systems Incorporated)
Task: {F73ADBB8-71B7-42EB-ADC3-23214A8363F6} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-06-21] (Overwolf LTD)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 

[Psychotic]

These logs are incomplete.

Please post the complete logs in separate code areas, as instructed.

[Para]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by temhe_000 (administrator) on TEM on 13-07-2015 23:06:23
Running from C:\Users\temhe_000\Downloads
Loaded Profiles: temhe_000 & rosem_000 (Available Profiles: temhe_000 & rosem_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(© 2015 Microsoft Corporation) C:\Users\temhe_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sysinternals - www.sysinternals.com) C:\Users\temhe_000\Documents\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\temhe_000\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\temhe_000\AppData\Roaming\BitTorrent\BitTorrent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266688 2015-05-04] (Trend Micro Inc.)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2020952 2015-05-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-21] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-07] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [43871968 2015-06-27] (Dropbox, Inc.)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [bingSvc] => C:\Users\temhe_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [steam] => D:\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [EADM] => D:\Origin\Origin.exe [3632112 2015-06-30] (Electronic Arts)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [Akamai NetSession Interface] => "C:\Users\temhe_000\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-06-21] (Overwolf LTD)
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [4711000 2015-06-02] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-1800742781-42368032-4135958153-1004\...\Run: [HydraVisionDesktopManager] => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&q={searchTerms}
HKU\S-1-5-21-1800742781-42368032-4135958153-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-au
HKU\S-1-5-21-1800742781-42368032-4135958153-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1800742781-42368032-4135958153-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1800742781-42368032-4135958153-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1800742781-42368032-4135958153-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&ts=1424922239&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1800742781-42368032-4135958153-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C&ts=1424922239&type=default&q={searchTerms}
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-05-05] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-07-01] (Trend Micro Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\TmBpIe64.dll [2015-05-21] (Trend Micro Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-05-05] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-26] (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-07-01] (Trend Micro Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\TmBpIe32.dll [2015-05-21] (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-26] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-05-05] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-05-05] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\TmBpIe64.dll [2015-05-21] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\TmBpIe32.dll [2015-05-21] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-07-01] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-07-01] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2014-07-21] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2014-07-21] (Trend Micro Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9 15 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-06-13] (Initex)
Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Winsock: Catalog9-x64 15 C:\Windows\system32\WTFastDrv.dll [79464 2015-06-13] (Initex)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{1CCBB7F8-A53B-4FAC-B11B-F57AF707F6FA}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8103ABD3-E500-441C-95E5-C3DD0398D7F6}: [DhcpNameServer] 10.0.0.138
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1424922214&from=cor&uid=KINGSTONXSV300S37A240G_50026B724606378C

FireFox:
========
FF ProfilePath: C:\Users\temhe_000\AppData\Roaming\Mozilla\Firefox\Profiles\7cdpjbag.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-10] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-10] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\firefoxextension [2015-06-18]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1022\9.1.1022\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2015-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-04-12]
FF HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-25] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-05] (Dropbox, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2004488 2015-06-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1000688 2015-06-21] (Overwolf LTD)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187328 2015-05-04] (Trend Micro Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-27] ()
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333848 2015-05-05] (Trend Micro Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [X]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2015-01-30] (Trend Micro Inc.)
S0 megasas2; C:\Windows\System32\drivers\megasas2.sys [60656 2013-06-28] (LSI Corporation)
S0 rcraid; C:\Windows\System32\drivers\rcraid.sys [533680 2013-09-13] (AMD, Inc.)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [122432 2015-04-24] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [307344 2015-04-24] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-10] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [106296 2014-07-10] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2014-07-10] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [93616 2015-04-24] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [407864 2014-07-10] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [106296 2014-07-01] (Trend Micro Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S4 {291bfea4-019b-41de-a68d-736bec29b080}Gw64;  [X]
S4 {a55667f1-a319-4629-a8b6-a68d9d3313ee}Gw64;  [X]
S4 {d3faa606-99ad-4927-8f30-167a217dc4db}Gw64;  [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 23:06 - 2015-07-13 23:06 - 00027037 _____ C:\Users\temhe_000\Downloads\FRST.txt
2015-07-13 23:06 - 2015-07-13 23:06 - 00000000 ____D C:\FRST
2015-07-13 23:05 - 2015-07-13 23:05 - 02133504 _____ (Farbar) C:\Users\temhe_000\Downloads\FRST64.exe
2015-07-13 21:01 - 2015-07-13 21:23 - 00000000 ____D C:\Users\temhe_000\Desktop\The Forger (2014)
2015-07-13 18:32 - 2015-07-13 19:00 - 00000000 ____D C:\Users\temhe_000\Desktop\The Interview (2014) [1080p]
2015-07-13 17:58 - 2015-07-13 17:58 - 00003486 _____ C:\Windows\System32\Tasks\{A04C9703-9FFD-4A70-83E0-2769C96852C1}
2015-07-13 16:22 - 2015-07-13 16:22 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-07-13 16:22 - 2015-07-13 16:22 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-07-13 16:22 - 2015-07-13 16:22 - 00001154 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-07-13 16:22 - 2015-07-13 16:22 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2015-07-13 16:15 - 2015-07-13 22:11 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-07-13 15:53 - 2015-07-13 15:53 - 00000000 ____D C:\Users\temhe_000\Documents\ProcessExplorer
2015-07-11 00:07 - 2015-07-11 00:07 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Trove
2015-07-10 22:27 - 2015-07-11 19:33 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Glyph
2015-07-10 22:27 - 2015-07-10 22:28 - 00000000 ____D C:\ProgramData\Glyph
2015-07-10 22:27 - 2015-07-10 22:27 - 00000646 _____ C:\Users\temhe_000\Desktop\Glyph.lnk
2015-07-10 22:27 - 2015-07-10 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-07-06 19:11 - 2015-07-06 19:13 - 00000000 ____D C:\Users\temhe_000\Desktop\Screeny
2015-07-05 18:52 - 2015-07-13 14:16 - 00000000 ___RD C:\Users\temhe_000\Dropbox
2015-07-05 18:52 - 2015-07-05 18:52 - 00001249 _____ C:\Users\temhe_000\Desktop\Dropbox.lnk
2015-07-05 18:52 - 2015-07-05 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-05 18:51 - 2015-07-05 18:51 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Dropbox
2015-07-05 18:50 - 2015-07-13 22:55 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-05 18:50 - 2015-07-13 18:55 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-05 18:50 - 2015-07-05 18:52 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-05 18:50 - 2015-07-05 18:50 - 00003894 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-05 18:50 - 2015-07-05 18:50 - 00003658 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-05 18:49 - 2015-07-13 14:16 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Dropbox
2015-07-05 18:49 - 2015-07-05 18:49 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-05 16:34 - 2015-07-06 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-04 14:51 - 2015-07-04 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-04 14:51 - 2015-07-04 14:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-01 11:35 - 2015-07-01 11:37 - 00000000 ____D C:\Users\temhe_000\Desktop\Local in melbourne
2015-06-29 10:53 - 2015-07-04 14:51 - 00001954 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-06-29 10:53 - 2015-07-04 14:51 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-06-29 10:53 - 2015-06-29 10:53 - 00000000 ____D C:\ProgramData\McAfee
2015-06-29 10:23 - 2015-06-29 10:23 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Macromedia
2015-06-29 00:49 - 2015-06-29 00:50 - 00000023 _____ C:\Users\temhe_000\Desktop\New Text Document.txt
2015-06-23 16:52 - 2015-07-06 23:23 - 00000000 ____D C:\Users\temhe_000\Desktop\Series
2015-06-23 16:36 - 2015-06-23 16:36 - 00000177 _____ C:\Users\rosem_000\Desktop\Personal - Online Banking  ANZ.url
2015-06-22 19:26 - 2015-06-22 19:26 - 00000000 ____D C:\Crash
2015-06-22 15:19 - 2015-06-22 15:19 - 00000650 _____ C:\Users\temhe_000\Desktop\PlanetSide 2.lnk
2015-06-22 15:19 - 2015-06-22 15:19 - 00000650 _____ C:\Users\temhe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
2015-06-22 15:19 - 2015-06-22 15:19 - 00000000 ____D C:\Users\temhe_000\AppData\Local\SCE
2015-06-21 02:26 - 2015-06-21 02:26 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-06-21 02:12 - 2015-06-21 02:12 - 00000000 ____D C:\Users\temhe_000\AppData\Local\PunkBuster
2015-06-20 21:42 - 2015-06-20 21:43 - 00000000 ____D C:\Users\temhe_000\Documents\Battlefield 4
2015-06-20 21:41 - 2015-06-20 21:41 - 00000000 ____D C:\Users\temhe_000\AppData\Local\ESN
2015-06-20 21:40 - 2015-06-20 21:40 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-20 21:37 - 2015-07-06 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-20 21:37 - 2015-06-20 21:38 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Mozilla
2015-06-20 21:37 - 2015-06-20 21:38 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Mozilla
2015-06-20 21:37 - 2015-06-20 21:37 - 00001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-20 21:37 - 2015-06-20 21:37 - 00001166 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-20 21:37 - 2015-06-20 21:37 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-19 18:03 - 2015-06-19 18:03 - 00000548 _____ C:\Users\temhe_000\Desktop\World of Warships.lnk
2015-06-19 18:03 - 2015-06-19 18:03 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-06-16 19:45 - 2015-06-16 19:45 - 00000000 ____D C:\ProgramData\WarThunder
2015-06-13 10:08 - 2015-06-13 10:08 - 00000000 ____D C:\Users\rosem_000\AppData\Local\Adobe
2015-06-13 00:45 - 2015-06-13 00:45 - 00000998 _____ C:\Users\Public\Desktop\WTFast.lnk
2015-06-13 00:45 - 2015-06-13 00:45 - 00000000 ____D C:\Users\temhe_000\AppData\Local\AAA_Internet_Publishing,_
2015-06-13 00:45 - 2015-06-13 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
2015-06-13 00:45 - 2015-06-13 00:45 - 00000000 ____D C:\Program Files (x86)\WTFast
2015-06-13 00:45 - 2015-04-08 15:15 - 00079464 _____ (Initex) C:\Windows\system32\WTFastDrv.dll
2015-06-13 00:45 - 2015-04-08 15:15 - 00072296 _____ (Initex) C:\Windows\SysWOW64\WTFastDrv.dll
2015-06-13 00:45 - 2015-04-08 15:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 23:02 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-13 22:36 - 2015-02-24 23:02 - 01761759 _____ C:\Windows\WindowsUpdate.log
2015-07-13 22:08 - 2015-05-02 19:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 21:28 - 2015-05-15 15:35 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\BitTorrent
2015-07-13 20:42 - 2015-02-25 10:18 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3E5ED26C-DD0F-461A-B7C6-2303AD0B0067}
2015-07-13 19:09 - 2014-03-18 20:03 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 18:45 - 2015-04-01 17:39 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\.minecraft
2015-07-13 18:40 - 2015-02-25 10:03 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1800742781-42368032-4135958153-1003
2015-07-13 18:34 - 2015-05-24 18:31 - 00007650 _____ C:\Users\temhe_000\AppData\Local\Resmon.ResmonCfg
2015-07-13 18:12 - 2014-06-12 13:09 - 00000000 ____D C:\ProgramData\Temp
2015-07-13 18:03 - 2014-06-12 13:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-13 18:03 - 2014-06-12 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2015-07-13 18:03 - 2014-06-12 13:09 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-07-13 17:33 - 2015-04-02 16:57 - 00000000 ___HD C:\TMRescueDisk
2015-07-13 14:15 - 2015-02-25 10:01 - 00000000 __RDO C:\Users\temhe_000\OneDrive
2015-07-10 23:08 - 2015-05-02 19:43 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-10 22:41 - 2013-08-23 01:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-10 22:08 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-07 07:24 - 2013-08-23 01:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-07 07:24 - 2013-08-23 01:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 22:48 - 2013-08-23 00:46 - 00073697 _____ C:\Windows\setupact.log
2015-07-05 18:52 - 2015-02-25 09:57 - 00000000 ____D C:\Users\temhe_000
2015-07-05 03:51 - 2015-04-14 13:15 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Skype
2015-07-03 13:53 - 2015-05-02 19:43 - 00000000 ____D C:\Users\temhe_000\Documents\888poker
2015-07-03 04:28 - 2015-05-23 23:29 - 00000000 ____D C:\ProgramData\Origin
2015-07-02 21:51 - 2015-05-27 22:12 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-02 21:51 - 2015-05-27 22:12 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-07-02 00:53 - 2015-04-14 13:25 - 00000000 ____D C:\Users\temhe_000\Documents\Youcam
2015-06-30 18:27 - 2015-05-31 19:13 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\TS3Client
2015-06-29 18:38 - 2015-03-08 12:00 - 00000010 _____ C:\Users\temhe_000\AppData\Local\sponge.last.runtime.cache
2015-06-29 13:14 - 2015-05-31 19:14 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-06-29 10:55 - 2015-03-04 13:44 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Adobe
2015-06-23 16:56 - 2015-06-10 17:17 - 00000000 ____D C:\Users\temhe_000\Desktop\Movies
2015-06-23 16:37 - 2015-05-01 21:26 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1800742781-42368032-4135958153-1004
2015-06-23 16:22 - 2015-05-01 21:26 - 00000000 ____D C:\Users\rosem_000\OneDrive
2015-06-22 15:19 - 2015-02-25 11:08 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-06-20 21:42 - 2015-05-23 23:33 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Origin
2015-06-20 21:42 - 2015-05-23 23:29 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-20 21:38 - 2015-05-16 20:28 - 00000000 ____D C:\Users\temhe_000\AppData\Roaming\Raptr
2015-06-19 17:36 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-19 17:34 - 2015-03-08 10:55 - 00003540 _____ C:\Windows\System32\Tasks\Trend Micro Inspect of Platinum
2015-06-19 17:34 - 2014-03-18 19:54 - 14425922 _____ C:\Windows\PFRO.log
2015-06-19 17:34 - 2013-08-23 00:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 17:34 - 2013-08-22 23:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-18 18:47 - 2015-05-12 20:50 - 00000000 ____D C:\Users\temhe_000\AppData\Local\WinZip
2015-06-16 20:14 - 2015-05-16 21:12 - 00000000 ____D C:\Users\temhe_000\AppData\Local\Warframe
2015-06-13 10:12 - 2015-05-01 21:29 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6F798860-9952-403E-8E6D-BF43F1019501}
2015-06-13 10:08 - 2015-05-01 21:17 - 00000000 ____D C:\Users\rosem_000\AppData\Roaming\Adobe
2015-06-13 09:54 - 2015-05-01 21:30 - 00000000 __SHD C:\Users\rosem_000\AppData\Local\EmieUserList
2015-06-13 09:54 - 2015-05-01 21:30 - 00000000 __SHD C:\Users\rosem_000\AppData\Local\EmieSiteList
2015-06-13 09:54 - 2015-05-01 21:30 - 00000000 __SHD C:\Users\rosem_000\AppData\Local\EmieBrowserModeList

==================== Files in the root of some directories =======

2015-03-05 04:42 - 2015-03-05 04:42 - 0000036 _____ () C:\Users\temhe_000\AppData\Local\housecall.guid.cache
2015-05-16 02:04 - 2015-05-16 02:04 - 0012633 _____ () C:\Users\temhe_000\AppData\Local\recently-used.xbel
2015-05-24 18:31 - 2015-07-13 18:34 - 0007650 _____ () C:\Users\temhe_000\AppData\Local\Resmon.ResmonCfg
2015-03-08 12:00 - 2015-06-29 18:38 - 0000010 _____ () C:\Users\temhe_000\AppData\Local\sponge.last.runtime.cache
2014-06-12 12:03 - 2014-06-12 12:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\rosem_000\AppData\Local\Temp\tmp5F0E.exe
C:\Users\temhe_000\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

[Para]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by temhe_000 at 2015-07-13 23:06:45
Running from C:\Users\temhe_000\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1800742781-42368032-4135958153-500 - Administrator - Disabled)
Guest (S-1-5-21-1800742781-42368032-4135958153-501 - Limited - Disabled)
rosem_000 (S-1-5-21-1800742781-42368032-4135958153-1004 - Limited - Enabled) => C:\Users\rosem_000
temhe_000 (S-1-5-21-1800742781-42368032-4135958153-1003 - Administrator - Enabled) => C:\Users\temhe_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

888poker (HKLM-x32\...\888poker) (Version:  - )
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3328 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9729 - CyberLink Corp.)
CyberLink YouCam 3.1 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.29 - Dropbox, Inc.) Hidden
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015INT_is1) (Version: 1.2.0.0 - GIANTS Software)
GIANTS Editor 6.0.3 64-bit (HKLM-x32\...\giants_editor_6.0.3_win64_is1) (Version: 6.0.3 - GIANTS Software GmbH)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1800742781-42368032-4135958153-1004\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.86.89.0 - Overwolf Ltd.)
PlanetSide 2 (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7154 - Realtek Semiconductor Corp.)
Security Task Manager 2.1 (HKLM-x32\...\Security Task Manager) (Version: 2.1 - Neuber Software)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - En Masse Entertainment)
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1176 - Trend Micro Inc.)
Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden
Trove North America (HKLM-x32\...\Glyph Trove North America) (Version:  - Trion Worlds, Inc.)
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
War Thunder Launcher 1.0.1.530 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Warframe (HKLM-x32\...\{6D431C84-968F-4665-9BA4-A6087D8FB5B9}) (Version: 1.0.0 - Digital Extremes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.6.464 - Initex & AAA Internet Publishing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1800742781-42368032-4135958153-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-1800742781-42368032-4135958153-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll No Fi (the data entry has 2 more characters).

==================== Restore Points =========================

25-06-2015 16:16:24 Scheduled Checkpoint
02-07-2015 15:01:18 Installed VirtualDJ 8
10-07-2015 22:41:30 Windows Update
13-07-2015 16:17:01 Uninstall "Casino.com"

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {393AEA18-38C0-4AE1-8BC1-ECFFA9C5667D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {3DDEEBA7-3208-4B47-BD0A-AD191369FCF0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {49F7313C-2BDA-486E-B96B-D58DD94DAC6E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {7C2C1D91-F4A2-44D6-9FA1-637B27EA1B7B} - \Microsoft OneDrive Auto Update Task-S-1-5-21-1800742781-42368032-4135958153-500 No Task File <==== ATTENTION
Task: {88555C9B-BA38-4C45-A9CF-3837AE953384} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2015-05-04] (Trend Micro Inc.)
Task: {B127009B-0E53-493B-B340-C6D642D2099B} - System32\Tasks\{A04C9703-9FFD-4A70-83E0-2769C96852C1} => pcalua.exe -a C:\Users\temhe_000\AppData\Local\Casino.com\internalCasinoSetupUninstall1435299124951_na_en.exe -c  /executeuninstall /trafficsource='533969' /profile='18' /userid='DDFE5A7275C04814AEE75D91A116DE77' /skinid='casinocom_new_notif' /fallbackfolder=''
Task: {DF74DD28-A6B9-4D73-B578-9A3CC27E58DD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {EE30C1E0-0F2F-4E1E-90AE-3DB8897305B9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {F18ACDF8-4C43-458C-8353-E693C580E382} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10] (Adobe Systems Incorporated)
Task: {F73ADBB8-71B7-42EB-ADC3-23214A8363F6} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-06-21] (Overwolf LTD)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 

[Psychotic]

FRST.txt is good, but you need to post the complete addition.txt as well

[Para]

this is every that has been saved in addition.txt file but both files were deleted my trendmicro and i had to restore to get them back i dont know if addition was cut for some reason. sorry by the way

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by temhe_000 at 2015-07-13 23:06:45
Running from C:\Users\temhe_000\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1800742781-42368032-4135958153-500 - Administrator - Disabled)
Guest (S-1-5-21-1800742781-42368032-4135958153-501 - Limited - Disabled)
rosem_000 (S-1-5-21-1800742781-42368032-4135958153-1004 - Limited - Enabled) => C:\Users\rosem_000
temhe_000 (S-1-5-21-1800742781-42368032-4135958153-1003 - Administrator - Enabled) => C:\Users\temhe_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

888poker (HKLM-x32\...\888poker) (Version:  - )
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3328 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9729 - CyberLink Corp.)
CyberLink YouCam 3.1 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.29 - Dropbox, Inc.) Hidden
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015INT_is1) (Version: 1.2.0.0 - GIANTS Software)
GIANTS Editor 6.0.3 64-bit (HKLM-x32\...\giants_editor_6.0.3_win64_is1) (Version: 6.0.3 - GIANTS Software GmbH)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1800742781-42368032-4135958153-1004\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.86.89.0 - Overwolf Ltd.)
PlanetSide 2 (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7154 - Realtek Semiconductor Corp.)
Security Task Manager 2.1 (HKLM-x32\...\Security Task Manager) (Version: 2.1 - Neuber Software)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - En Masse Entertainment)
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1176 - Trend Micro Inc.)
Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden
Trove North America (HKLM-x32\...\Glyph Trove North America) (Version:  - Trion Worlds, Inc.)
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
War Thunder Launcher 1.0.1.530 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Warframe (HKLM-x32\...\{6D431C84-968F-4665-9BA4-A6087D8FB5B9}) (Version: 1.0.0 - Digital Extremes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-1800742781-42368032-4135958153-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.6.464 - Initex & AAA Internet Publishing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1800742781-42368032-4135958153-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-1800742781-42368032-4135958153-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll No Fi (the data entry has 2 more characters).

==================== Restore Points =========================

25-06-2015 16:16:24 Scheduled Checkpoint
02-07-2015 15:01:18 Installed VirtualDJ 8
10-07-2015 22:41:30 Windows Update
13-07-2015 16:17:01 Uninstall "Casino.com"

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {393AEA18-38C0-4AE1-8BC1-ECFFA9C5667D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {3DDEEBA7-3208-4B47-BD0A-AD191369FCF0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {49F7313C-2BDA-486E-B96B-D58DD94DAC6E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {7C2C1D91-F4A2-44D6-9FA1-637B27EA1B7B} - \Microsoft OneDrive Auto Update Task-S-1-5-21-1800742781-42368032-4135958153-500 No Task File <==== ATTENTION
Task: {88555C9B-BA38-4C45-A9CF-3837AE953384} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2015-05-04] (Trend Micro Inc.)
Task: {B127009B-0E53-493B-B340-C6D642D2099B} - System32\Tasks\{A04C9703-9FFD-4A70-83E0-2769C96852C1} => pcalua.exe -a C:\Users\temhe_000\AppData\Local\Casino.com\internalCasinoSetupUninstall1435299124951_na_en.exe -c  /executeuninstall /trafficsource='533969' /profile='18' /userid='DDFE5A7275C04814AEE75D91A116DE77' /skinid='casinocom_new_notif' /fallbackfolder=''
Task: {DF74DD28-A6B9-4D73-B578-9A3CC27E58DD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {EE30C1E0-0F2F-4E1E-90AE-3DB8897305B9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {F18ACDF8-4C43-458C-8353-E693C580E382} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10] (Adobe Systems Incorporated)
Task: {F73ADBB8-71B7-42EB-ADC3-23214A8363F6} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-06-21] (Overwolf LTD)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 

[Psychotic]

Please deactivate your Trendmicro, rescan with FRST (create a new addition.txt as well) and attach both files.

When finished, run the scan with aswMBR as instructed and attach the log, too.

 

Reactivate Trendmicro, when ready.

[Para]

All .txt files from scans

FRST.txt

aswMBR.txt

Addition.txt

[Psychotic]

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Trend Micro Maximum Security or Windows Defender
.

 

 

 

 

Going over your logs I noticed that you have BitTorrent installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
• They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
• Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
• The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

• Download the attached fixlist.txt and save it to the location where FRST is saved to.
• Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
• The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

• If not existing, please download Malwarebytes Anti-Malware to your desktop.
• Double-click the downloaded setup file and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

 

 

 

fixlist.txt

[Para]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/07/2015
Scan Time: 6:52 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.14.02
Rootkit Database: v2015.07.10.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: temhe_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388349
Time Elapsed: 6 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 22
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, Quarantined, [dcceab36533764d2a5dec83a6b98b64a],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [cddd964ba0ea62d4df45d73dde25a45c],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [1f8b5d84aae057dfa603de6cce356b95],
PUP.Optional.KeyFind.A, HKLM\SOFTWARE\WOW6432NODE\key-findSoftware, Quarantined, [8525bc256129003639338d8005fe8d73],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [e5c5f9e8f9919d9942bdde9a5ea60ef2],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, Quarantined, [abffd20fcbbfbb7b6f715fb1d62d47b9],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [f3b7c61b553587aff9af335e58ac24dc],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [3b6ff3ee0b7f310570397b16ba4ae11f],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [d3d72fb2296140f67196ac62cc37fc04],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [2783de037e0c37ff8e7848c6e71cd22e],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [2585c120f09acb6b0c7edd3ea45f867a],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [9614d60bb9d1cc6a9a6b19f547bc9070],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{4ef60154}, Quarantined, [cae0e5fccdbd92a420e891fd5da7af51],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [4d5d578adfab88aef6060422946f6d93],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [4763de0352383ff715bc99844db6d32d],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [901a4b9679116ccaced9fa970ff5946c],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-1800742781-42368032-4135958153-1003\SOFTWARE\HomeTab, Quarantined, [c0ea558ca7e368ce559dfd38976c649c],
PUP.Optional.InstallCore.C, HKU\S-1-5-21-1800742781-42368032-4135958153-1003\SOFTWARE\InstallCore, Quarantined, [1a908e536c1e48ee5053058cf60e659b],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1800742781-42368032-4135958153-1003\SOFTWARE\SearchProtectWS, Quarantined, [2e7c0cd5098195a153b69876986be21e],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1800742781-42368032-4135958153-1003\SOFTWARE\WajIntEnhance, Quarantined, [3f6bc71abdcd60d65d84da3690735ea2],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-1800742781-42368032-4135958153-1003\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [ecbe8859ddadeb4b3176d6bb3dc703fd],
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-1800742781-42368032-4135958153-1003\SOFTWARE\OPTIMIZER PRO, Quarantined, [6d3dc819cfbbca6cb99e296650b4d52b],

Registry Values: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, Quarantined, [4d5d578adfab88aef6060422946f6d93]
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-1800742781-42368032-4135958153-1003\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, http://www.safeshopgate.com/r?s=121000600&g=B5B0D722-954D-618E-AAC1-C0891E1FCA7B, Quarantined, [6d3dc819cfbbca6cb99e296650b4d52b]

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.OptimizerPro.A, C:\Users\temhe_000\Documents\Optimizer Pro, Quarantined, [d2d86a774c3e40f64c09e8a79c68c23e],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [fab03ba6642637ff3eb32ab7c73b0000],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [fab03ba6642637ff3eb32ab7c73b0000],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarantined, [fcae7b66afdb01351bdc42b30bf74fb1],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarantined, [fcae7b66afdb01351bdc42b30bf74fb1],

Files: 3
PUP.Optional.OptimizerPro.A, C:\Users\temhe_000\Documents\Optimizer Pro\CookiesException.txt, Quarantined, [d2d86a774c3e40f64c09e8a79c68c23e],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [fab03ba6642637ff3eb32ab7c73b0000],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, Quarantined, [fcae7b66afdb01351bdc42b30bf74fb1],

Physical Sectors: 0
(No malicious items detected)


(end)

Fixlog.txt

[Psychotic]

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

[Para]

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe    a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application
 

[Psychotic]

These files aren´t malware but contain ecurity risks,  I´d delete the relevant program immediately - your choice.

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

• Run adwcleaner.exe
• Hit Scan and wait for the scan to finish.
• Confirm the message but don´t uncheck anything.
• Hit Clean
• When the run is finished, it will open up a text file
• Please post its contents within your next reply
• You´ll find the log file at C:\AdwCleaner[s1].txt also
  

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.
  

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

• Save it to your desktop, start it and follow the instructions in the window.
• After the scan finished the (checkup.txt) will open. Copy its content to your thread.
  

[Para]

There was no [s1].txt (only [s0] & [R0] i was not shure and added them as attachment

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.7 (07.13.2015:1)
OS: Windows 8.1 x64
Ran by temhe_000 on Tue 14/07/2015 at 22:07:53.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\temhe_000\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin



~~~ FireFox

Emptied folder: C:\Users\temhe_000\AppData\Roaming\mozilla\firefox\profiles\7cdpjbag.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 14/07/2015 at 22:09:21.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleanerR0.txt

AdwCleanerS0.txt

[Para]

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Trend Micro Maximum Security   
Windows Defender               
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45  
 Adobe Flash Player     18.0.0.203  
 Adobe Reader XI  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro Titanium plugin Pt\PtSvcHost.exe
 Trend Micro Titanium plugin Pt\PtWatchDog.exe
 Trend Micro TMIDS PwmSvc.exe  
 Trend Micro Titanium plugin Pt\PtSessionAgent.exe
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

[Psychotic]

Are any problems left now or may I post the final reply?

[Para]

i am still having the same issue cpu is really high unless task manager is open

[Psychotic]

Please download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• If any threats are found, don´t click the Cleanup button - rather save the log and post it up in your topic.
  

[Para]

Scan Finished: No malware found!

[Para]

i have been uninstalling everything that you recomended aswell as a few other programs and deleting junk files after a reboot the problem seems to have stopped, I have speccy and process explorer running to monitor whats happening on the computer and all seems fine, but im not shure what has caused it to stop, i feel that this topic can be closed and if i have any more issues i will be back in touch.

 

thank you so much for your help i dont think i would have solved this problem with out you, well havnt really solved anything because i dont know what stopped it lol, im putting in a donation after this post for all help you have given me and other's.

[Psychotic]

You´re welcome!

 

 

Recommendations: How to protect yourself

• System Updates
  Please ensure to have automatic updates activated in your control panel.
  For further information and a tutorial, see this Microsoft Support article.
• Protection
  What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
  Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
  
  • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
    It will filter unwanted advertising out of the website´s content.
  • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
    It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
    In addition, before accessing a dangerous classified web site, a warning screen is displayed.
    

  
  [*]Up to date Software
  Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  

  • Secunia Personal Software Inspector - checks if your software has updates available.
  • SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software.
  • Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser.
    

  [*]Backup
  Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system. [*]Behaviour
  The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
  

  • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
  • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
  • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
    

  
  
  

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!