Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BOO/Cidox.B virus on my computer. Help!


  • This topic is locked This topic is locked
5 replies to this topic

#1 benrc17

benrc17

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 26 May 2014 - 12:54 AM

Hi, since the past 24 hours my laptop keeps receiving security alerts from Avira antivirus on a virus called BOO/Cidox.B.. I tried manual fix by following instructions posted on many sites but still fail to remove the issue. My laptop is functioning really slow since it got infected. other than the cidox I also sometimes receive alerts on TR/Kazy.385756 .. I read on some of the forums which mentioned about using kaspersky TDSS killer but I don't know where to start. Can somebody help me?



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 28 May 2014 - 05:38 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 benrc17

benrc17
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 28 May 2014 - 02:48 PM

Hi, thank you for reaching. 

 

Here is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by user (administrator) on USER-PC on 28-05-2014 15:43:30
Running from C:\Users\user\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-06] (Facebook Inc.)
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-09] (Google Inc.)
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {4caf46db-d95b-11e1-9267-0008cacc33cb} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {5a946db8-ba43-11e2-b470-001e101f1ca3} - H:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {5cdcc5dc-b976-11e2-9c03-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {5cdcc5ea-b976-11e2-9c03-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {7b2a185f-dbe8-11e2-ab4a-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {94bc59ed-9cb5-11e3-b296-0008cacc33cb} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {d9d71f50-e478-11e1-8298-0008cacc33cb} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {efe52d14-e847-11e2-87bd-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {efe52d34-e847-11e2-87bd-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1000\...\MountPoints2: {efe52d52-e847-11e2-87bd-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {4caf46db-d95b-11e1-9267-0008cacc33cb} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {5a946db8-ba43-11e2-b470-001e101f1ca3} - H:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {5cdcc5dc-b976-11e2-9c03-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {5cdcc5ea-b976-11e2-9c03-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {7b2a185f-dbe8-11e2-ab4a-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {94bc59ed-9cb5-11e3-b296-0008cacc33cb} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {d9d71f50-e478-11e1-8298-0008cacc33cb} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {efe52d14-e847-11e2-87bd-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {efe52d34-e847-11e2-87bd-0008cacc33cb} - F:\AutoRun.exe
HKU\S-1-5-21-4250529003-396123966-962534335-1001\...\MountPoints2: {efe52d52-e847-11e2-87bd-0008cacc33cb} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-10-16] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10214&bi=400
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10214&bi=400
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={FC5B977D-3514-400B-AA1D-61AE3BDE3DF0}&mid=45ebac51fb4d47d28cfcd1418c28da38-fd9a1ff5d28b6705064eacd3da3619ffb4c03a96&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-04-16 03:17:48&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.chatzum.com/?q={SearchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.autocompletepro.com/?si=10214&bi=400&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6R90ClD534&loc=skw&search={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} -  No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\JAVA\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\JAVA\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 166.102.165.11 166.102.165.13
Tcpip\..\Interfaces\{4FD45285-C148-43A9-8BBD-751D29C49F49}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6BFF86AB-6190-4D55-B9D1-B6FA807B35D9}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A2936438-CD1B-4030-8954-63447C6ABD2E}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E2CEB5C3-51A0-4B21-B411-A35754D3DA4B}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{ED04FFDA-DA77-4FFE-BDA9-465E5C8C42CF}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6biuy0ob.default
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: search
FF Homepage: hxxp://mysearch.avg.com?cid={FC5B977D-3514-400B-AA1D-61AE3BDE3DF0}&mid=45ebac51fb4d47d28cfcd1418c28da38-fd9a1ff5d28b6705064eacd3da3619ffb4c03a96&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-04-16 03:17:48&v=18.0.5.292&pid=safeguard&sg=&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Homepage: hxxp://startpage.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - D:\JAVA\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - D:\JAVA\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Users\user\Documents\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6biuy0ob.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6biuy0ob.default\searchplugins\BabylonMngr.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6biuy0ob.default\searchplugins\chatzum.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6biuy0ob.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6biuy0ob.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: General Crawler - C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-08-20]
FF Extension: LAV Splitter Properties - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6biuy0ob.default\Extensions\{A18F3AD4-4F36-2E9A-A9B6-DE043824A41E} [2014-05-26]
FF Extension: Wired-Marker - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6biuy0ob.default\Extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2013-03-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-10]
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.512
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.512 [2014-05-08]
FF HKCU\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
 
Chrome: 
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-20]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2014-05-20]
CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx [2014-05-20]
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\user\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-10]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\user\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx [2014-04-11]
CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S4 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S4 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-08] (AVG Secure Search)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-28] (Atheros)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-08] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 GGSAFERDriver; \??\C:\Users\user\Documents\Garena Plus\Room\safedrv.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-28 15:43 - 2014-05-28 15:44 - 00029274 _____ () C:\Users\user\Downloads\FRST.txt
2014-05-28 15:43 - 2014-05-28 15:43 - 00000000 ____D () C:\FRST
2014-05-28 15:42 - 2014-05-28 15:42 - 02066944 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-05-28 01:05 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-28 01:05 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-28 01:05 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-28 01:05 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-28 01:04 - 2014-05-28 01:05 - 00004065 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-28 01:02 - 2014-05-28 01:02 - 00921512 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u55.exe
2014-05-28 01:00 - 2014-05-28 01:00 - 00229168 _____ (Fusion Install ) C:\Users\user\Downloads\Setup.exe
2014-05-27 17:58 - 2014-05-27 17:58 - 00000000 _____ () C:\Windows\SysWOW64\shoB368.tmp
2014-05-27 17:03 - 2014-05-27 17:03 - 00000000 ____D () C:\Users\user\Downloads\tdsskiller tool (cidox remover)
2014-05-27 17:02 - 2014-05-27 17:03 - 00000000 ____D () C:\Users\user\Downloads\vba anti rootkit tool
2014-05-27 12:44 - 2014-05-27 12:44 - 00000144 _____ () C:\Windows\SysWOW64\Avira.OE.ServiceHost.log
2014-05-26 11:52 - 2014-05-26 11:53 - 00000000 ____D () C:\Users\user\AppData\Local\URmedia
2014-05-26 03:11 - 2014-05-26 03:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-26 01:19 - 2014-05-26 01:28 - 636341008 _____ (Avira GmbH) C:\Users\user\Downloads\rescue-system.exe
2014-05-25 16:57 - 2014-05-25 16:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-05-25 16:49 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-25 16:49 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-25 16:49 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-25 16:31 - 2014-05-25 16:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\user\Desktop\PHIL 010
2014-05-24 23:48 - 2014-05-24 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoE48B.tmp
2014-05-22 21:40 - 2014-05-22 21:40 - 00000000 ____D () C:\Users\user\Desktop\CAS 100A
2014-05-18 23:17 - 2014-05-18 23:30 - 00000000 ____D () C:\Users\user\Downloads\www.torrenting.com - Game of Thrones S04E07 HDTV XviD-FUM
2014-05-18 23:09 - 2014-05-18 23:09 - 09332956 _____ () C:\Users\user\AppData\Roaming\USER-PC.exe
2014-05-18 22:10 - 2014-05-25 09:46 - 00000000 ____D () C:\Users\user\Downloads\Game of Thrones S04E07 HDTV x264-KILLERS.mp4
2014-05-15 18:30 - 2014-05-15 18:31 - 00000000 ____D () C:\Users\user\Downloads\Arrow S02E23 HDTV x264-LOL[ettv]
2014-05-15 18:19 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 18:19 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 18:19 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 18:19 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 18:19 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 18:19 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 18:08 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 18:08 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 18:08 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 18:08 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 18:07 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 18:07 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 18:07 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 18:07 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 18:07 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 18:07 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 18:07 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 18:07 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 18:07 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 18:07 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 18:07 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 18:07 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 18:07 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 18:07 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 18:07 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 18:07 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 18:07 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 18:07 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 18:07 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 18:07 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 18:07 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 18:07 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 18:07 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 18:07 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 18:07 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 18:07 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 18:07 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 18:07 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 18:07 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 18:07 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 22:23 - 2014-05-11 22:24 - 00000000 ____D () C:\Users\user\Downloads\Game.of.Thrones.S04E06.HDTV.XviD-RARBG
2014-05-08 23:56 - 2014-05-08 23:56 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-08 03:14 - 2014-05-08 03:14 - 00000000 _____ () C:\Windows\SysWOW64\sho5155.tmp
2014-05-06 02:12 - 2014-05-15 20:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-04 22:20 - 2014-05-04 22:32 - 00000000 ____D () C:\Users\user\Downloads\Game.of.Thrones.S04E05.HDTV.x264-KILLERS[rarbg]
2014-04-30 22:45 - 2014-04-30 23:32 - 00000000 ____D () C:\Users\user\Downloads\www.Torrenting.com - Arrow.S02E21.HDTV.XviD-AFG
2014-04-28 00:06 - 2014-04-28 00:19 - 00000000 ____D () C:\Users\user\Downloads\Game of Thrones S04E04 HDTV x264 [VectoR & DexzAery]
2014-04-28 00:05 - 2014-05-25 09:46 - 00000000 __SHD () C:\Users\user\AppData\Roaming\USER-PC
2014-04-28 00:03 - 2014-04-28 00:03 - 02827580 _____ () C:\Users\user\AppData\Roaming\user.exe
 
==================== One Month Modified Files and Folders =======
 
2014-05-28 15:44 - 2014-05-28 15:43 - 00029274 _____ () C:\Users\user\Downloads\FRST.txt
2014-05-28 15:43 - 2014-05-28 15:43 - 00000000 ____D () C:\FRST
2014-05-28 15:42 - 2014-05-28 15:42 - 02066944 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-05-28 15:42 - 2014-03-10 04:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 15:40 - 2012-09-09 05:04 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001UA.job
2014-05-28 15:28 - 2012-03-12 10:26 - 01985977 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 15:17 - 2012-09-04 23:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 15:17 - 2012-08-06 10:29 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001UA.job
2014-05-28 02:12 - 2012-10-25 22:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
2014-05-28 01:07 - 2013-09-11 12:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-28 01:05 - 2014-05-28 01:04 - 00004065 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-28 01:02 - 2014-05-28 01:02 - 00921512 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u55.exe
2014-05-28 01:00 - 2014-05-28 01:00 - 00229168 _____ (Fusion Install ) C:\Users\user\Downloads\Setup.exe
2014-05-28 00:17 - 2013-01-18 16:26 - 00096283 _____ () C:\Windows\setupact.log
2014-05-27 23:40 - 2012-09-09 05:04 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001Core.job
2014-05-27 22:34 - 2012-08-06 10:29 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001Core.job
2014-05-27 21:50 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 21:50 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 21:42 - 2014-03-10 04:14 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 21:42 - 2012-10-10 02:10 - 00003336 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4250529003-396123966-962534335-1001
2014-05-27 21:42 - 2012-10-10 02:10 - 00003200 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4250529003-396123966-962534335-1001
2014-05-27 21:42 - 2012-07-21 22:50 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-05-27 21:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 21:26 - 2013-02-05 13:06 - 00000000 ____D () C:\Windows\pss
2014-05-27 21:26 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 21:20 - 2012-03-12 10:44 - 00002762 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-05-27 20:21 - 2009-07-14 01:08 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 17:58 - 2014-05-27 17:58 - 00000000 _____ () C:\Windows\SysWOW64\shoB368.tmp
2014-05-27 17:56 - 2013-07-25 04:45 - 00000000 ____D () C:\Users\user\Desktop\unrelated
2014-05-27 17:04 - 2012-07-30 12:19 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-05-27 17:03 - 2014-05-27 17:03 - 00000000 ____D () C:\Users\user\Downloads\tdsskiller tool (cidox remover)
2014-05-27 17:03 - 2014-05-27 17:02 - 00000000 ____D () C:\Users\user\Downloads\vba anti rootkit tool
2014-05-27 14:47 - 2012-07-29 00:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
2014-05-27 12:44 - 2014-05-27 12:44 - 00000144 _____ () C:\Windows\SysWOW64\Avira.OE.ServiceHost.log
2014-05-27 04:05 - 2013-09-14 01:47 - 00000000 ____D () C:\Program Files\Steam
2014-05-26 23:54 - 2012-10-25 22:11 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
2014-05-26 11:53 - 2014-05-26 11:52 - 00000000 ____D () C:\Users\user\AppData\Local\URmedia
2014-05-26 03:11 - 2014-05-26 03:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-26 02:16 - 2012-07-21 22:51 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 01:28 - 2014-05-26 01:19 - 636341008 _____ (Avira GmbH) C:\Users\user\Downloads\rescue-system.exe
2014-05-25 21:35 - 2012-03-12 10:44 - 00001761 _____ () C:\Windows\system32\ServiceFilter.ini
2014-05-25 21:34 - 2011-10-18 17:51 - 00373688 _____ () C:\Windows\PFRO.log
2014-05-25 16:57 - 2014-05-25 16:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-05-25 16:50 - 2013-08-19 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-25 16:45 - 2014-05-25 16:31 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-25 16:45 - 2012-07-29 00:50 - 00000000 ____D () C:\ProgramData\Avira
2014-05-25 16:30 - 2014-04-16 15:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\user\Desktop\PHIL 010
2014-05-25 09:46 - 2014-05-18 22:10 - 00000000 ____D () C:\Users\user\Downloads\Game of Thrones S04E07 HDTV x264-KILLERS.mp4
2014-05-25 09:46 - 2014-04-28 00:05 - 00000000 __SHD () C:\Users\user\AppData\Roaming\USER-PC
2014-05-25 09:45 - 2014-04-27 22:09 - 00000000 ____D () C:\Users\user\Downloads\Game.of.Thrones.S04E04.HDTV.x264-LOL.mp4
2014-05-24 23:48 - 2014-05-24 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoE48B.tmp
2014-05-24 23:47 - 2013-03-26 16:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-05-24 14:42 - 2009-07-14 01:13 - 00883394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 12:36 - 2012-07-29 09:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\TeraCopy
2014-05-22 21:40 - 2014-05-22 21:40 - 00000000 ____D () C:\Users\user\Desktop\CAS 100A
2014-05-19 17:46 - 2013-12-21 04:41 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-19 00:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-18 23:30 - 2014-05-18 23:17 - 00000000 ____D () C:\Users\user\Downloads\www.torrenting.com - Game of Thrones S04E07 HDTV XviD-FUM
2014-05-18 23:09 - 2014-05-18 23:09 - 09332956 _____ () C:\Users\user\AppData\Roaming\USER-PC.exe
2014-05-16 00:01 - 2013-03-27 16:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 23:56 - 2012-07-21 22:51 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 20:12 - 2014-05-06 02:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 18:31 - 2014-05-15 18:30 - 00000000 ____D () C:\Users\user\Downloads\Arrow S02E23 HDTV x264-LOL[ettv]
2014-05-15 18:19 - 2012-07-29 00:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 18:17 - 2013-07-13 02:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 18:15 - 2012-08-04 03:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 17:47 - 2012-09-04 23:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 17:47 - 2012-09-04 23:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 17:47 - 2012-09-04 23:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-11 22:24 - 2014-05-11 22:23 - 00000000 ____D () C:\Users\user\Downloads\Game.of.Thrones.S04E06.HDTV.XviD-RARBG
2014-05-09 17:15 - 2012-07-29 00:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-09 11:16 - 2014-05-25 16:49 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-09 11:16 - 2014-05-25 16:49 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-09 11:16 - 2014-05-25 16:49 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-09 02:14 - 2014-05-14 18:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-14 18:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-09 00:00 - 2014-04-16 03:17 - 00000000 ____D () C:\Users\user\AppData\Local\AVG SafeGuard toolbar
2014-05-08 23:57 - 2014-04-16 03:17 - 00003754 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-05-08 23:56 - 2014-05-08 23:56 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-08 23:56 - 2014-04-16 03:17 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-05-08 23:56 - 2014-04-16 03:17 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-08 03:14 - 2014-05-08 03:14 - 00000000 _____ () C:\Windows\SysWOW64\sho5155.tmp
2014-05-07 19:37 - 2014-03-10 04:14 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 19:36 - 2014-03-10 04:14 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 23:35 - 2012-09-09 05:04 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001UA
2014-05-06 23:35 - 2012-09-09 05:04 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001Core
2014-05-06 00:40 - 2014-05-15 18:19 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-15 18:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-15 18:19 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-15 18:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-15 18:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-15 18:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 22:32 - 2014-05-04 22:20 - 00000000 ____D () C:\Users\user\Downloads\Game.of.Thrones.S04E05.HDTV.x264-KILLERS[rarbg]
2014-04-30 23:32 - 2014-04-30 22:45 - 00000000 ____D () C:\Users\user\Downloads\www.Torrenting.com - Arrow.S02E21.HDTV.XviD-AFG
2014-04-28 00:19 - 2014-04-28 00:06 - 00000000 ____D () C:\Users\user\Downloads\Game of Thrones S04E04 HDTV x264 [VectoR & DexzAery]
2014-04-28 00:03 - 2014-04-28 00:03 - 02827580 _____ () C:\Users\user\AppData\Roaming\user.exe
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\user\AppData\Local\Temp\Checkupdate.exe
C:\Users\user\AppData\Local\Temp\EAD5002.exe
C:\Users\user\AppData\Local\Temp\EAD698B.exe
C:\Users\user\AppData\Local\Temp\EAD9E03.exe
C:\Users\user\AppData\Local\Temp\EAD9E60.exe
C:\Users\user\AppData\Local\Temp\EADC245.exe
C:\Users\user\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\user\AppData\Local\Temp\gcapi_dll.dll
C:\Users\user\AppData\Local\Temp\gtapi_signed.dll
C:\Users\user\AppData\Local\Temp\himkrskf.exe
C:\Users\user\AppData\Local\Temp\htmlayout.dll
C:\Users\user\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\nsa14EE.tmp.exe
C:\Users\user\AppData\Local\Temp\oi_{C4737936-F02A-4F77-8280-7B52425BA707}.exe
C:\Users\user\AppData\Local\Temp\safeguard.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\ubi5B9D.tmp.exe
C:\Users\user\AppData\Local\Temp\UninstallEADM.dll
C:\Users\user\AppData\Local\Temp\_isF145.exe
C:\Users\user\AppData\Local\Temp\{87B12D7C-9C1A-4918-85FA-8EE34A7E65D4}.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 00:36
 
==================== End Of Log ============================
 
 
and here is the Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by user at 2014-05-28 15:45:12
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.0.29972 - BitTorrent Inc.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0012 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.48 - ASUS)
ASUS Sonic Focus (HKLM-x32\...\{B0002707-4F7E-4745-88A7-852DA8A88635}) (Version: 1.0.0.5 - Synopsys )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0035 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.23 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.103 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.5.512 - AVG Technologies)
Avira (HKLM-x32\...\{68e29fba-92b1-4f6f-a604-1d8679da3a9f}) (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bootstrapper (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CSI-Hard Evidence (HKLM-x32\...\{FC1C2427-5954-451C-9ED8-A92D48ED7E07}) (Version: 1.1 - Telltale Games)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0720 - CyberLink Corp.)
CyberLink YouCam 5 (x32 Version: 5.0.0720 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
ETDWare PS/2-X64 8.0.5.5_WHQL (HKLM\...\Elantech) (Version: 8.0.5.5 - ELAN Microelectronic Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HHD Software Hex Editor 3.10 (HKLM-x32\...\{96DB0658-F44A-4899-BBD3-29261B18AE93}) (Version: 3.10.0.0000 - HHD Software)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.1.6 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.9.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.1 - Minitab, Inc.)
Minitab16 (x32 Version: 16.2.1.0 - Minitab Inc) Hidden
Minitab16 (x32 Version: 16.2.1.0 - Minitab, Inc.) Hidden
Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MpcStar 5.4 (HKLM-x32\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA Control Panel 285.64 (Version: 285.64 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.5.20 (Version: 1.5.20 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
One-Click Video to MP4 Converter (HKLM-x32\...\One-Click Video to MP4 Converter) (Version: 1.0 - Polaris-Software.com)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.3023 - ooVoo LLC.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6642 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
SecureW2 Enterprise Client 3.5.9 (HKLM-x32\...\SecureW2 Enterprise Client) (Version:  - )
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic the Hedgehog 4 - Episode II © SEGA version 1 (HKLM-x32\...\Sonic the Hedgehog 4 - Episode II © SEGA_is1) (Version: 1 - )
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.22 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
Tony Hawks Pro Skater HD (HKLM-x32\...\Tony Hawks Pro Skater HD_is1) (Version:  - )
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.0 - ASUS)
WinRAR 4.20 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.2 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}) (Version: 3.0.24 - ASUS)
Worms Reloaded (HKLM-x32\...\Worms Reloaded_is1) (Version:  - )
Worms World Party (HKLM-x32\...\{9A200E68-D5F4-4E70-910F-2871753A0E2B}) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
28-05-2014 03:02:29 Scheduled Checkpoint
28-05-2014 05:03:27 Installed Java 7 Update 55
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0218F988-4C63-4593-9BF4-7F5AE7D3D61A} - System32\Tasks\{EF4433E6-45FC-40A0-83B5-B09877A7E753} => C:\Users\user\Downloads\Games of the 90s\mario.exe
Task: {0F7E78F3-254E-4BF0-84BF-537827C54802} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {19B1A307-A241-4A04-ADF1-2B08C7B90277} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4250529003-396123966-962534335-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {1BA0BE65-B039-40BE-8144-E0D9EDF4ECE9} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2013-05-13] (SecureW2 B.V.)
Task: {2708FECD-433C-4092-8441-92DDD1C8ABF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-10] (Google Inc.)
Task: {27E41ED4-3114-411F-BCFF-B8B823D55B82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-10] (Google Inc.)
Task: {3595D367-C74B-4E05-AC0F-F725A46B2B9D} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {40D15C64-C961-49C8-B44D-4F29D3265A9A} - System32\Tasks\{D80FCE4C-9CAC-471A-8FB1-9C2A86820D23} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {4AD1C1BF-29FC-44E0-ABE9-695D76804464} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-10-14] (ASUS)
Task: {4C826D77-2E2F-4226-AB82-2FB3FD2BB5E0} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {5313BFAE-1D2A-4D1F-A89E-8C10BBF9570F} - System32\Tasks\{4FCAA596-3591-4BF7-B2D2-49CDD29918AA} => C:\Users\user\Downloads\Games of the 90s\mario.exe
Task: {564703CD-022B-4E18-9326-ABBBDDAFECF8} - System32\Tasks\{2876B3F1-4D70-4EE5-B9DF-43D8389D1546} => C:\Users\user\Downloads\Games of the 90s\mario.exe
Task: {5F43AC0D-4F21-418A-92C5-6BC2049FD8FF} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {69593A04-E0CB-4D58-9CC5-F1671D80B3AE} - System32\Tasks\{1B31414E-7DFF-40F2-9DB4-02A1D8F586A9} => C:\Users\user\Downloads\Games of the 90s\mario.exe
Task: {77FB9A36-5ABA-4D77-B968-B31A30E10653} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
Task: {7994BEED-4018-4146-B60B-DAF61AE158D4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-06] (Facebook Inc.)
Task: {79D33A1D-CA24-4DAB-9604-F5C194E08D11} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-06] (Facebook Inc.)
Task: {8DF520CE-54FF-40DA-884E-633A6AF5F6CC} - System32\Tasks\{2E606F56-C6F0-4460-8A68-015266D6054D} => C:\Users\user\Downloads\Games of the 90s\mario.exe
Task: {8E4257F9-7682-425C-9F1E-3123B24A47B7} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {9E391955-7628-411A-8A25-8FF09DB33CD3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4250529003-396123966-962534335-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {A87D5C7F-1434-4F6A-9BE9-21F917088B55} - System32\Tasks\{90347BC2-D225-4C33-A3CB-2DF508E28A55} => C:\Users\user\Downloads\Games of the 90s\mario.exe
Task: {B69D7DF0-7D95-48D9-8A36-2886CBAD98D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {D39D1DE2-226F-4D1A-A71A-67B8C747076B} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-11-03] (ASUS)
Task: {E9D6AC35-58C9-4AE1-8431-DE7A51B43B38} - System32\Tasks\{B44A463E-0A9D-4ABE-A54B-8DB0B95FFD1D} => C:\Users\user\Downloads\Games of the 90s\mario.exe
Task: {EE7D6A80-83C6-4526-84A5-4F3C2EE9A2D5} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {FB37F802-7EC4-41F5-B265-7DDE81C01A7E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250529003-396123966-962534335-1001UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2014-05-24 19:38 - 2014-05-24 19:38 - 02967040 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll
2014-05-24 19:38 - 2014-05-24 19:38 - 02278912 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
2012-07-29 00:34 - 2011-10-26 05:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2011-11-03 20:04 - 2011-11-03 20:04 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-05-25 16:52 - 2014-05-14 14:27 - 00049744 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-22 13:46 - 2014-05-13 19:40 - 00716616 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-22 13:46 - 2014-05-13 19:40 - 00126280 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-22 13:46 - 2014-05-13 19:40 - 04217672 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 13:46 - 2014-05-13 19:40 - 00414536 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-22 13:46 - 2014-05-13 19:40 - 01732424 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-22 13:46 - 2014-05-13 19:40 - 13695816 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:2CFBE2D1
AlternateDataStreams: C:\ProgramData\Temp:373C6DC2
AlternateDataStreams: C:\ProgramData\Temp:5D458568
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39789019.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50053093.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39789019.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\50053093.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: CVPND => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TiMiniService => 3
MSCONFIG\Services: vToolbarUpdater18.1.5 => 2
MSCONFIG\Services: WDDMService => 2
MSCONFIG\Services: WDSmartWareBackgroundService => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\Services: ZAtheros Bt&Wlan Coex Agent => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Connectify => C:\Program Files (x86)\Connectify\Connectify.exe
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Users\user\Documents\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: Google Update => "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IDMan => C:\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "D:\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Media Finder => "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SecureW2 Tray => C:\Program Files (x86)\SecureW2\sw2_tray.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "D:\Games yo!\New Folder\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
MSCONFIG\startupreg: URmedia => regsvr32.exe C:\Users\user\AppData\Local\URmedia\ggpnunlrgub.dll
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MSCONFIG\startupreg: YouCam Service => "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/27/2014 09:52:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (05/27/2014 09:44:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (05/27/2014 09:44:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (05/27/2014 09:37:25 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (05/27/2014 09:37:24 PM) (Source: Application Virtualization Client) (EventID: 3079) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=958}
The client could not launch C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (rc 16805A0A-00000193, last error 2).
 
Error: (05/27/2014 09:30:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (05/27/2014 09:29:52 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (05/27/2014 09:28:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: CryptoProvider.dll_unloaded, version: 0.0.0.0, time stamp: 0x53026bf0
Exception code: 0xc0000005
Fault offset: 0x000007fef7457da8
Faulting process id: 0x4d8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (05/27/2014 09:22:38 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (05/27/2014 09:22:08 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
 
System errors:
=============
Error: (05/27/2014 09:12:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/27/2014 09:12:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/27/2014 05:08:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\50yywx13.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/27/2014 05:04:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\uaeth3bx.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/27/2014 05:03:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\ecjoccgh.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/27/2014 05:03:36 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\owopvcz7.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/27/2014 00:43:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9413856E-4FBA-4435-BD38-3B9C00757465}
 
Error: (05/26/2014 03:14:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
%%1053
 
Error: (05/26/2014 03:14:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Client service failed to start due to the following error: 
%%1053
 
Error: (05/26/2014 03:14:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (05/01/2014 01:16:33 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 15326 seconds with 1920 seconds of active time.  This session ended with a crash.
 
Error: (04/10/2014 02:26:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1542 seconds with 120 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 60%
Total physical RAM: 4000.06 MB
Available physical RAM: 1563.49 MB
Total Pagefile: 7998.3 MB
Available Pagefile: 5123.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:196.29 GB) (Free:102.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:244.47 GB) (Free:110.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5BE4A3F9)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=196 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
I will attach the TDSS Killer report in just a moment..


#4 benrc17

benrc17
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 28 May 2014 - 03:02 PM

I actually ran TDSS-Killer few days ago before you answered to my post. I clicked on 'cure' for all the threats that were found, I didn't know you needed the reports so I didn't save it. But after running it again just now, it was stated that no threat was found.

 

I just followed your instruction above as I thought it would be good to just make sure my system is cleaned. Just to be safe. 



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 31 May 2014 - 01:40 PM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avira or Trendmicro.

 

 

 

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 03 July 2014 - 03:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users