(1) Computer restarts with Blue Screen when running Avira scan (2) RUNDLL log


  • This topic is locked
9 replies to this topic

#1 kennylim20

Posted 21 June 2014 - 12:17 AM

Hello,

 

My Avira antivirus contains warnings as per the log file and OCCASIONALLY restarts my PC by itself halfway through the scan (it has not happened recently, though) with the Blue Screen of Death.

Here is the log file from scanning:

 

Issue 1

Avira Free Antivirus
Report file date: Wednesday, 18 June, 2014  16:44


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 7 Home Premium
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : USER-PC

Version information:
BUILD.DAT       : 14.0.4.672     91560 Bytes   2014/5/27 17:13:00
AVSCAN.EXE      : 14.0.4.632   1030736 Bytes   2014/5/22 10:04:41
AVSCANRC.DLL    : 14.0.4.620     52304 Bytes   2014/5/22 10:04:41
LUKE.DLL        : 14.0.4.620     57936 Bytes   2014/5/22 10:04:53
AVSCPLR.DLL     : 14.0.4.620     89680 Bytes   2014/5/22 10:04:41
AVREG.DLL       : 14.0.4.632    261200 Bytes   2014/5/22 10:04:39
avlode.dll      : 14.0.4.638    583760 Bytes   2014/5/22 10:04:39
avlode.rdf      : 14.0.4.22      64276 Bytes   2014/5/15 16:23:47
Engine version  : 8.3.20.10
AEVDF.DLL       : 8.3.0.4       118976 Bytes   2014/3/20 14:38:01
AESCRIPT.DLL    : 8.1.4.212     528584 Bytes   2014/6/13 10:57:55
AESCN.DLL       : 8.3.1.2       135360 Bytes   2014/5/28 16:46:03
AESBX.DLL       : 8.2.20.24    1409224 Bytes    2014/5/8 23:46:09
AERDL.DLL       : 8.2.0.138     704888 Bytes   2013/12/3 10:46:20
AEPACK.DLL      : 8.4.0.24      778440 Bytes   2014/5/13 15:55:19
AEOFFICE.DLL    : 8.3.0.4       205000 Bytes   2014/4/17 19:07:49
AEHEUR.DLL      : 8.1.4.1112   6738120 Bytes   2014/6/13 10:57:53
AEHELP.DLL      : 8.3.1.0       278728 Bytes   2014/5/28 16:46:00
AEGEN.DLL       : 8.1.7.28      450752 Bytes    2014/6/6 19:47:26
AEEXP.DLL       : 8.4.2.2       237760 Bytes    2014/6/4 17:10:21
AEEMU.DLL       : 8.1.3.2       393587 Bytes  2013/10/10 11:14:14
AEDROID.DLL     : 8.4.2.24      442568 Bytes    2014/6/4 17:10:21
AECORE.DLL      : 8.3.1.4       241864 Bytes    2014/6/6 19:47:25
AEBB.DLL        : 8.1.1.4        53619 Bytes  2013/10/10 11:14:14
AVWINLL.DLL     : 14.0.4.620     24144 Bytes   2014/5/22 10:04:36
AVPREF.DLL      : 14.0.4.632     50256 Bytes   2014/5/22 10:04:39
AVREP.DLL       : 14.0.4.620    219216 Bytes   2014/5/22 10:04:39
AVARKT.DLL      : 14.0.4.632    225872 Bytes   2014/5/22 10:04:37
AVEVTLOG.DLL    : 14.0.4.620    182352 Bytes   2014/5/22 10:04:38
SQLITE3.DLL     : 14.0.4.620    452176 Bytes   2014/5/22 10:04:56
AVSMTP.DLL      : 14.0.4.620     76368 Bytes   2014/5/22 10:04:41
NETNT.DLL       : 14.0.4.620     13392 Bytes   2014/5/22 10:04:53
RCIMAGE.DLL     : 14.0.4.620   4980816 Bytes   2014/5/22 10:04:36
RCTEXT.DLL      : 14.0.4.620     73296 Bytes   2014/5/22 10:04:36

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Wednesday, 18 June, 2014  16:44

Start scanning boot sectors:
Boot sector 'HDD0(C:, D:)'
    [INFO]      No virus was found!

Starting search for hidden objects.
Error in ARK library

The scan of running processes will be started:
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '36' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '117' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '164' Module(s) have been scanned
Scan process 'svchost.exe' - '78' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '19' Module(s) have been scanned
Scan process 'GFNEXSrv.exe' - '14' Module(s) have been scanned
Scan process 'WLANExt.exe' - '83' Module(s) have been scanned
Scan process 'conhost.exe' - '17' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '58' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '68' Module(s) have been scanned
Scan process 'WISPTIS.EXE' - '44' Module(s) have been scanned
Scan process 'spoolsv.exe' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'sched.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'armsvc.exe' - '29' Module(s) have been scanned
Scan process 'avguard.exe' - '108' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '70' Module(s) have been scanned
Scan process 'InsOnSrv.exe' - '39' Module(s) have been scanned
Scan process 'devmonsrv.exe' - '41' Module(s) have been scanned
Scan process 'taskhost.exe' - '71' Module(s) have been scanned
Scan process 'HControl.exe' - '46' Module(s) have been scanned
Scan process 'InsOnWMI.exe' - '52' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned
Scan process 'Dwm.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'WISPTIS.EXE' - '52' Module(s) have been scanned
Scan process 'TabTip.exe' - '55' Module(s) have been scanned
Scan process 'EvtEng.exe' - '70' Module(s) have been scanned
Scan process 'Explorer.EXE' - '213' Module(s) have been scanned
Scan process 'CaptureLibService.exe' - '68' Module(s) have been scanned
Scan process 'TabTip32.exe' - '30' Module(s) have been scanned
Scan process 'taskeng.exe' - '39' Module(s) have been scanned
Scan process 'HeciServer.exe' - '28' Module(s) have been scanned
Scan process 'IntelMeFWService.exe' - '26' Module(s) have been scanned
Scan process 'jhi_service.exe' - '45' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '31' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '56' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '39' Module(s) have been scanned
Scan process 'taskeng.exe' - '40' Module(s) have been scanned
Scan process 'RichVideo.exe' - '29' Module(s) have been scanned
Scan process 'KBFiltr.exe' - '33' Module(s) have been scanned
Scan process 'USBChargerPlus.exe' - '43' Module(s) have been scanned
Scan process 'sensorsrv.exe' - '41' Module(s) have been scanned
Scan process 'QuickGesture64.exe' - '35' Module(s) have been scanned
Scan process 'QuickGesture.exe' - '40' Module(s) have been scanned
Scan process 'WDC.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'ToolbarUpdater.exe' - '49' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '77' Module(s) have been scanned
Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '53' Module(s) have been scanned
Scan process 'ZeroConfigService.exe' - '71' Module(s) have been scanned
Scan process 'obexsrv.exe' - '41' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'loggingserver.exe' - '26' Module(s) have been scanned
Scan process 'conhost.exe' - '17' Module(s) have been scanned
Scan process 'avwebg7.exe' - '65' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '18' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'igfxtray.exe' - '32' Module(s) have been scanned
Scan process 'hkcmd.exe' - '31' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '47' Module(s) have been scanned
Scan process 'RAVBg64.exe' - '54' Module(s) have been scanned
Scan process 'ETDCtrl.exe' - '67' Module(s) have been scanned
Scan process 'BleServicesCtrl.exe' - '39' Module(s) have been scanned
Scan process 'rundll32.exe' - '46' Module(s) have been scanned
Scan process 'AmIcoSinglun64.exe' - '37' Module(s) have been scanned
Scan process 'Skype.exe' - '149' Module(s) have been scanned
Scan process 'ATKOSD2.exe' - '44' Module(s) have been scanned
Scan process 'MSOSYNC.EXE' - '61' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '65' Module(s) have been scanned
Scan process 'flowsync.exe' - '75' Module(s) have been scanned
Scan process 'nvtray.exe' - '62' Module(s) have been scanned
Scan process 'iusb3mon.exe' - '42' Module(s) have been scanned
Scan process 'wcourier.exe' - '65' Module(s) have been scanned
Scan process 'ACMON.exe' - '46' Module(s) have been scanned
Scan process 'AsScrPro.exe' - '41' Module(s) have been scanned
Scan process 'PDVD10Serv.exe' - '34' Module(s) have been scanned
Scan process 'ETDCtrlHelper.exe' - '36' Module(s) have been scanned
Scan process 'ETDGesture.exe' - '45' Module(s) have been scanned
Scan process 'LiveUpdate.exe' - '122' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '120' Module(s) have been scanned
Scan process 'ACEngSvr.exe' - '52' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '49' Module(s) have been scanned
Scan process 'QvodTerminal.exe' - '64' Module(s) have been scanned
Scan process 'DMedia.exe' - '36' Module(s) have been scanned
Scan process 'HControlUser.exe' - '33' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '83' Module(s) have been scanned
Scan process 'avgnt.exe' - '126' Module(s) have been scanned
Scan process 'vprot.exe' - '87' Module(s) have been scanned
Scan process 'DllHost.exe' - '46' Module(s) have been scanned
Scan process 'iPodService.exe' - '34' Module(s) have been scanned
Scan process 'mediasrv.exe' - '42' Module(s) have been scanned
Scan process 'firefox.exe' - '166' Module(s) have been scanned
Scan process 'Safari.exe' - '142' Module(s) have been scanned
Scan process 'BTPlayerCtrl.exe' - '43' Module(s) have been scanned
Scan process 'WebKit2WebProcess.exe' - '133' Module(s) have been scanned
Scan process 'BTHSAmpPalService.exe' - '21' Module(s) have been scanned
Scan process 'InputPersonalization.exe' - '44' Module(s) have been scanned
Scan process 'BTHSSecurityMgr.exe' - '46' Module(s) have been scanned
Scan process 'FABS.exe' - '34' Module(s) have been scanned
Scan process 'LMS.exe' - '34' Module(s) have been scanned
Scan process 'daemonu.exe' - '72' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'UNS.exe' - '65' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '35' Module(s) have been scanned
Scan process 'wuauclt.exe' - '46' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'EXCEL.EXE' - '94' Module(s) have been scanned
Scan process 'OSPPSVC.EXE' - '35' Module(s) have been scanned
Scan process 'avcenter.exe' - '126' Module(s) have been scanned
Scan process 'avscan.exe' - '124' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '28' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '27' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'services.exe' - '34' Module(s) have been scanned
Scan process 'lsass.exe' - '70' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned

Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\drivers\beep.sys'
Signed -> 'C:\Windows\system32\ctfmon.exe'
Signed -> 'C:\Windows\system32\imm32.dll'
Signed -> 'C:\Windows\system32\dsound.dll'
Signed -> 'C:\Windows\system32\aclui.dll'
Signed -> 'C:\Windows\system32\msvcrt.dll'
Signed -> 'C:\Windows\system32\d3d9.dll'
Signed -> 'C:\Windows\system32\dnsapi.dll'
Signed -> 'C:\Windows\system32\mshtml.dll'
Signed -> 'C:\Windows\system32\regsvr32.exe'
Signed -> 'C:\Windows\system32\rundll32.exe'
Signed -> 'C:\Windows\system32\userinit.exe'
Signed -> 'C:\Windows\system32\reg.exe'
Signed -> 'C:\Windows\regedit.exe'
The system files were scanned ('34' files)

Starting to scan executable files (registry):
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
  [WARNING]   The file could not be opened!
The registry was scanned ( '4619' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
  [WARNING]   The file could not be opened!
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe
  [WARNING]   The file could not be opened!
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
  [WARNING]   The file could not be opened!
Begin scan in 'D:\' <DATA>


End of the scan: Wednesday, 18 June, 2014  18:41
Used time:  1:56:34 Hour(s)

The scan has been done completely.

  40584 Scanned directories
 1349045 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      4 Files cannot be scanned
 1349041 Files not concerned
  14470 Archives were scanned
      4 Warnings
      0 Notes
    134 Objects were scanned with rootkit scan
      0 Hidden objects were found
 

 

 

Issue 2

When I start my computer, I get this message.

RunDLL
There was a problem starting.
The specified module could not be found.

Sorry for the lengthy post. I just want to supply as much information as possible.

Thank you in advance!

 




#2 kennylim20


Posted 21 June 2014 - 12:19 AM

In regards to Malware Removal and Log Section Preparation Guide starting at Step 6, here are the DDS logs:

 

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.25.2
Run by User at 21:58:49 on 2014-06-20
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.3982.1161 [GMT 8:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Asus\AsusVibe\AsusVibe2.0.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
uURLSearchHooks: {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - <orphaned>
uURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Users\User\AppData\LocalLow\BitTorrentControl_v12\prxtbBit2.dll
mURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Users\User\AppData\LocalLow\BitTorrentControl_v12\prxtbBit2.dll
mWinlogon: Userinit = userinit.exe
BHO: Tencent Browser Helper: {35910522-D36E-2645-80BA-B3EF63AEA818} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
BHO: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
BHO: <No Name>: {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\Program Files\TENCENT\SSPlus\SSup.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll
BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Users\User\AppData\LocalLow\BitTorrentControl_v12\prxtbBit2.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: BitTorrentControl_v12 Toolbar: {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Users\User\AppData\LocalLow\BitTorrentControl_v12\prxtbBit2.dll
TB: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Users\User\AppData\LocalLow\BitTorrentControl_v12\prxtbBit2.dll
TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [BlackBerryLink.exe] "C:\bb\BlackBerryLink.exe" /minimize
uRun: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [BackgroundContainerV2] "C:\Windows\SysWOW64\Rundll32.exe" ,DllRun
uRun: [Polar FlowSync] C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [QvodTerminal] "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{29C1ECE3-517C-4500-8691-4189813B8BE6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{29C1ECE3-517C-4500-8691-4189813B8BE6}\3547574656E647027796669623 : DHCPNameServer = 202.188.1.5 8.8.8.8
TCP: Interfaces\{29C1ECE3-517C-4500-8691-4189813B8BE6}\4616E6E69793230457E6966696 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{29C1ECE3-517C-4500-8691-4189813B8BE6}\7776C65666471323330457E69666962696A7 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{29C1ECE3-517C-4500-8691-4189813B8BE6}\879616F6C696 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{29C1ECE3-517C-4500-8691-4189813B8BE6}\975716E6F537230457E6966696 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
x64-BHO: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
x64-TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l5iaf11q.default-1387455164543\
FF - prefs.js: browser.search.selectedEngine - Speedial
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.my/?gws_rd=cr&ei=kTBzU9yzLoPmrAfk3ICIBw
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.nspdlsd.aflt - spd_wnzp_14_18_ie
FF - user.js: extensions.nspdlsd.instlRef - 140305_a
FF - user.js: extensions.nspdlsd.cr - 364203666
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-1-29 50464]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-11-7 28600]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-11-7 112080]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-11-7 84720]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-9-21 17152]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2012-4-12 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2012-4-12 16512]
.
=============== Created Last 30 ================
.
2014-06-19 11:36:22    --------    d-----w-    C:\ProgramData\Package Cache
2014-06-17 12:47:42    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B1CA207-444C-458B-AF33-1BEE55C6CD0D}\offreg.dll
2014-06-17 09:23:32    10702536    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B1CA207-444C-458B-AF33-1BEE55C6CD0D}\mpengine.dll
2014-06-12 17:37:20    --------    d-----w-    C:\Users\User\AppData\Roaming\AVG
2014-06-12 17:37:20    --------    d-----w-    C:\Users\User\AppData\Local\AVG
2014-06-12 17:35:58    --------    d-----w-    C:\ProgramData\AVG
2014-06-12 17:35:47    --------    d-sh--w-    C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-12 17:30:13    --------    d-----w-    C:\ProgramData\Nero
2014-06-12 05:11:57    506368    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-12 05:11:57    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-06-08 12:47:12    --------    d-----w-    C:\ProgramData\boost_interprocess
2014-06-08 12:46:59    --------    d-----w-    C:\Program Files (x86)\Polar
2014-06-07 14:20:51    --------    d-----w-    C:\Users\User\AppData\Local\Windows Live
2014-06-07 14:20:33    --------    d-----w-    C:\Users\User\AppData\Local\{56F18F2E-A781-450C-8701-77318F43A275}
2014-06-07 14:19:48    --------    d-----w-    C:\Users\User\AppData\Roaming\Windows Live Writer
2014-06-07 14:19:48    --------    d-----w-    C:\Users\User\AppData\Local\Windows Live Writer
2014-06-07 14:08:53    --------    d-----w-    C:\Users\User\AppData\Roaming\WindSolutions
2014-06-07 14:08:53    --------    d-----w-    C:\ProgramData\WindSolutions
.
==================== Find3M  ====================
.
2014-06-20 13:52:18    387    ----a-w-    C:\Users\User\AppData\Roaming\sp_data.sys
2014-05-30 10:02:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22    5782528    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-30 07:56:50    4244992    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10    1790976    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-22 10:04:38    112080    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2014-05-14 16:35:24    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 16:35:24    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-02 02:37:13    116736    ----a-w-    C:\Windows\System32\drivers\UMDF\WUDFUsbccidDriver.dll
2014-04-28 03:16:34    50464    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09    288192    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-31 01:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-26 14:44:48    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39    2048    ----a-w-    C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50    1389056    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14    2048    ----a-w-    C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 22:01:35.54 ===============
 

 

 

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 31/10/2012 10:23:09 PM
System Uptime: 20/6/2014 9:51:36 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | N56VZ
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz | SOCKET 0 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 177.66 GiB free.
D: is FIXED (NTFS) - 419 GiB total, 228.591 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP220: 18/6/2014 7:11:14 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
Alcor Micro USB Card Reader
Any Video Converter 5.5.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.2.4
ASUS AI Recovery
ASUS FaceLogon
ASUS Instant Connect
ASUS Instant Key
ASUS LifeFrame3
ASUS Live Update
ASUS Music Maker
ASUS N Series Demo
ASUS Photo Designer
ASUS Photo Manager
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Video Magic
ASUS Virtual Camera
ASUS Virtual Touch
ASUS WebStorage
ASUSDVD
AsusScr_N6 Series_ENG
AsusVibe2.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Package
AVG Security Toolbar
Avira
Avira Free Antivirus
Avira SearchFree Toolbar
BitTorrent
BitTorrentControl_v12 Toolbar
Bonjour
Bubbletown
Contr?le ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX do Windows Live Mesh para Conex?es Remotas
CyberLink LabelPrint
CyberLink MediaEspresso
CyberLink Power2Go
CyberLink PowerDirector
D3DX10
Deadtime Stories
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dream Day First Home
Dream Vacation Solitaire
ETDWare PS/2-X64 10.5.9.0
Facebook Video Calling 2.0.0.447
Farm Frenzy 3 - Madagascar
Firebird SQL Server - MAGIX Edition
Freemake Youtube Mp3 Converter
Galapago
Galería fotográfica de Windows Live
Galerie de photos Windows Live
Game Park Console
Go Go Gourmet Chef of the Year
Google Chrome
Google Update Helper
InstantOn for NB
Intel PROSet Wireless
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® WiDi
Intel® Wireless Display
Intel? PROSet/Wireless WiFi Software
Intel? Trusted Connect Service Client
iTunes
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
Mahjong Memoirs
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myBitCast 1.0.0.3
Neobux Referrals Handy Manager Version 1.3.1
Neobux Referrals Handy Manager Version 1.8
NVIDIA 3D Vision Driver 296.67
NVIDIA Control Panel 296.67
NVIDIA Graphics Driver 296.67
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Optimus 1.7.13
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.13
NVIDIA Update Components
Plants vs Zombies
Polar FlowSync version 2.1.4
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype? 6.11
SOSO AddressBar Search
Turbo Fiesta
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Uzak Ba?lant?lar ??in Windows Live Mesh ActiveX Denetimi
VLC media player 2.1.2
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Foto?raf Galerisi
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Par?alar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 影像中心
Windows Live 照片库
Windows Live 程式集
Windows Live 软件包
WinFlash
WinPcap 4.1.2
WinRAR archiver
WinZip 18.0
Wireless Console 3
World of Goo
YTD Video Downloader 3.9.6
快播 5.1.88
搜索更新服务
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
蛐蛐五线谱播放器
適用遠端連線的 Windows Live Mesh ActiveX 控制項
.
==== Event Viewer Messages From Past Week ========
.
19/6/2014 7:51:36 PM, Error: Service Control Manager [7023]  - The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error:  %%-2147196306
19/6/2014 7:48:57 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
19/6/2014 7:48:57 PM, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
18/6/2014 5:02:34 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
.
==== End Of File ===========================
 



#3 nasdaq

  • Malware Response Team

Posted 25 June 2014 - 08:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#4 kennylim20

  • Topic Starter

  • Members

Posted 29 June 2014 - 09:16 AM

Hello,

 

Here is the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by User (administrator) on USER-PC on 29-06-2014 22:08:57
Running from C:\Users\User\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Shenzhen QVOD Technology Co.,Ltd) C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-16] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-21] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-22] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-09-21] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2011-12-31] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-21] (CyberLink)
HKLM-x32\...\Run: [QvodTerminal] => C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe [1034128 2012-02-02] (Shenzhen QVOD Technology Co.,Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1383277451-3137474638-2566707349-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1383277451-3137474638-2566707349-1001\...\Run: [BlackBerryLink.exe] => "C:\bb\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-1383277451-3137474638-2566707349-1001\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-01-11] (Facebook Inc.)
HKU\S-1-5-21-1383277451-3137474638-2566707349-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-1383277451-3137474638-2566707349-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1133568 2014-05-09] (Polar Electro Oy)
HKU\S-1-5-21-1383277451-3137474638-2566707349-1001\...\MountPoints2: {8cea068a-ae4e-11e3-8d69-685d43727738} - E:\LaunchU3.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-04-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-04-24] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
SearchScopes: HKCU - {0FFC8716-F236-400E-AC61-70C5181AA915} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {1FF7973D-AB0A-496d-82C1-4EADBBA11E7B} URL = http://www.soso.com/q?sc=web&cid=th.ub&w={searchTerms}&cin=IYHPwpAJ1QSU7jwSqRK7H6060wc60g00&lr=&ie={inputEncoding}&unc=y400372_2
SearchScopes: HKCU - {BEB8AD59-C990-4538-AF32-2DFECE5A8528} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
BHO-x32: Tencent Browser Helper - {35910522-D36E-2645-80BA-B3EF63AEA818} - C:\Program Files\TENCENT\SSPlus\SAddr.dll No File
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l5iaf11q.default-1387455164543
FF Homepage: https://www.google.com.my/?gws_rd=cr&ei=kTBzU9yzLoPmrAfk3ICIBw
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @qvod.com/QvodInsert - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: speedial.com
CHR DefaultSearchProvider: Speedial
CHR DefaultSearchURL: http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
CHR DefaultNewTabURL: &a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (QvodInsert) - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-12-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2013-03-28]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-22] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] () [File not signed]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-25] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-27] (MAGIX®) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-10-31] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-03-01] (ASUSTek Computer Inc.)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-04-12] (Windows ® Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2012-04-12] (Windows ® Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-23] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-04-24] (NVIDIA Corporation)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2013-03-12] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-29 22:08 - 2014-06-29 22:10 - 00031716 _____ () C:\Users\User\Downloads\FRST.txt
2014-06-29 22:08 - 2014-06-29 22:09 - 00000000 ____D () C:\FRST
2014-06-29 22:07 - 2014-06-29 22:07 - 02083328 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-06-29 22:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-29 21:59 - 2014-06-29 22:02 - 00000000 ____D () C:\AdwCleaner
2014-06-29 21:57 - 2014-06-29 21:58 - 01342659 _____ () C:\Users\User\Downloads\adwcleaner_3.213.exe
2014-06-29 10:54 - 2014-06-29 22:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 10:54 - 2014-06-29 10:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 10:54 - 2014-06-29 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 10:54 - 2014-06-29 10:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 10:54 - 2014-06-29 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-29 10:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-29 10:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-29 10:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-29 10:53 - 2014-06-29 10:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-28 15:54 - 2014-06-28 16:16 - 00015164 _____ () C:\Users\User\Downloads\seouls-best-eat-by-kampungboycitygal.xlsx
2014-06-25 21:54 - 2014-06-25 21:54 - 00000000 ____D () C:\Users\User\Documents\Outlook.com (1)
2014-06-25 21:52 - 2014-06-25 21:52 - 01083954 _____ () C:\Users\User\Downloads\Outlook.com (2).zip
2014-06-25 21:52 - 2014-06-25 21:52 - 01083954 _____ () C:\Users\User\Downloads\Outlook.com (1).zip
2014-06-23 21:02 - 2014-06-23 21:02 - 00304957 _____ () C:\Users\User\Desktop\Mu-Zhi-.m4r
2014-06-23 15:34 - 2014-06-23 15:34 - 00017603 _____ () C:\Users\User\Downloads\Korea 4Julto13Jul14.xlsx
2014-06-22 20:52 - 2014-06-22 20:53 - 03067184 _____ (Softorino, Inc. ) C:\Users\User\Downloads\audikoringtonemanagerwin_1.0.5.exe
2014-06-22 20:48 - 2014-06-22 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-06-22 18:06 - 2014-06-22 18:07 - 01083954 _____ () C:\Users\User\Downloads\Outlook.com.zip
2014-06-20 22:14 - 2014-06-20 22:14 - 00003147 _____ () C:\Users\User\Desktop\attach.7z
2014-06-20 22:13 - 2014-06-20 22:13 - 00001363 _____ () C:\Users\User\Desktop\7zFM - Shortcut.lnk
2014-06-20 22:12 - 2014-06-20 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-20 22:12 - 2014-06-20 22:12 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-20 22:11 - 2014-06-20 22:11 - 01138397 _____ () C:\Users\User\Downloads\7z922.exe
2014-06-20 22:01 - 2014-06-20 22:01 - 00026916 _____ () C:\Users\User\Desktop\dds.txt
2014-06-20 22:01 - 2014-06-20 22:01 - 00007967 _____ () C:\Users\User\Desktop\attach.txt
2014-06-20 21:57 - 2014-06-20 21:57 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2014-06-19 19:36 - 2014-06-19 19:36 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\User\Downloads\avira_en_av___ws.exe
2014-06-19 19:36 - 2014-06-19 19:36 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-06-19 19:36 - 2014-06-19 19:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-19 19:29 - 2014-06-19 19:29 - 00002248 _____ () C:\Users\User\Downloads\removaltool-win32-en.log
2014-06-19 17:53 - 2014-06-19 17:53 - 00367616 _____ (Avira GmbH) C:\Users\User\Downloads\removaltool-win32-en.exe
2014-06-18 15:46 - 2014-06-18 15:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-13 01:37 - 2014-06-13 01:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG
2014-06-13 01:37 - 2014-06-13 01:37 - 00000000 ____D () C:\Users\User\AppData\Local\AVG
2014-06-13 01:36 - 2014-06-13 01:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nero
2014-06-13 01:35 - 2014-06-14 00:45 - 00000000 ____D () C:\ProgramData\AVG
2014-06-13 01:35 - 2014-06-13 01:35 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-13 01:30 - 2014-06-17 23:21 - 00000000 ____D () C:\ProgramData\Nero
2014-06-13 01:21 - 2014-06-13 01:22 - 83022576 _____ (Nero AG) C:\Users\User\Downloads\Nero_BurningROM2014-15.0.04600_trial.exe
2014-06-12 13:13 - 2014-05-30 18:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 13:13 - 2014-05-30 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 13:13 - 2014-05-30 18:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 13:13 - 2014-05-30 17:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 13:13 - 2014-05-30 17:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 13:13 - 2014-05-30 17:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 13:13 - 2014-05-30 17:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 13:13 - 2014-05-30 17:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 13:13 - 2014-05-30 17:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 13:13 - 2014-05-30 17:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 13:13 - 2014-05-30 17:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 13:13 - 2014-05-30 17:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 13:13 - 2014-05-30 17:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 13:13 - 2014-05-30 17:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 13:13 - 2014-05-30 17:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 13:13 - 2014-05-30 17:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 13:13 - 2014-05-30 17:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 13:13 - 2014-05-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 13:13 - 2014-05-30 16:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 13:13 - 2014-05-30 16:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 13:13 - 2014-05-30 16:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 13:13 - 2014-05-30 16:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 13:13 - 2014-05-30 16:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 13:13 - 2014-05-30 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 13:13 - 2014-05-30 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 13:13 - 2014-05-30 16:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 13:13 - 2014-05-30 16:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 13:13 - 2014-05-30 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 13:13 - 2014-05-30 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 13:13 - 2014-05-30 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 13:13 - 2014-05-30 16:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 13:13 - 2014-05-30 16:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 13:13 - 2014-05-30 16:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 13:13 - 2014-05-30 16:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 13:13 - 2014-05-30 16:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 13:13 - 2014-05-30 16:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 13:13 - 2014-05-30 16:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 13:13 - 2014-05-30 16:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 13:13 - 2014-05-30 16:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 13:13 - 2014-05-30 16:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 13:13 - 2014-05-30 15:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 13:13 - 2014-05-30 15:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 13:13 - 2014-05-30 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 13:13 - 2014-05-30 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 13:13 - 2014-05-30 15:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 13:13 - 2014-05-30 15:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 13:13 - 2014-05-30 15:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 13:13 - 2014-05-30 15:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 13:13 - 2014-05-30 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 13:13 - 2014-05-30 15:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 13:13 - 2014-05-30 15:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 13:13 - 2014-05-30 15:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 13:13 - 2014-04-25 10:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 13:13 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 13:13 - 2014-04-05 10:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 13:13 - 2014-04-05 10:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 13:13 - 2014-03-26 22:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 13:13 - 2014-03-26 22:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 13:13 - 2014-03-26 22:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 13:13 - 2014-03-26 22:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 13:13 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 13:13 - 2014-03-26 22:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 13:13 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 13:13 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 13:11 - 2014-06-08 17:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 13:11 - 2014-06-08 17:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-08 20:47 - 2014-06-23 19:42 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-08 20:47 - 2014-06-08 20:47 - 00001161 _____ () C:\Users\Public\Desktop\Polar FlowSync.lnk
2014-06-08 20:47 - 2014-06-08 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2014-06-08 20:46 - 2014-06-08 20:46 - 00000000 ____D () C:\Program Files (x86)\Polar
2014-06-08 20:45 - 2014-06-08 20:45 - 19620472 _____ (Polar Electro Oy ) C:\Users\User\Downloads\FlowSync_2.1.4.exe
2014-06-07 22:20 - 2014-06-10 00:33 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live
2014-06-07 22:20 - 2014-06-07 22:20 - 00000000 ____D () C:\Users\User\AppData\Local\{56F18F2E-A781-450C-8701-77318F43A275}
2014-06-07 22:19 - 2014-06-07 22:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Windows Live Writer
2014-06-07 22:19 - 2014-06-07 22:19 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live Writer
2014-06-07 22:08 - 2014-06-07 22:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\WindSolutions
2014-06-07 22:08 - 2014-06-07 22:10 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-06-07 22:08 - 2014-06-07 22:08 - 05283824 _____ (WindSolutions) C:\Users\User\Downloads\Install_CopyTransControlCenter.exe
2014-06-07 21:38 - 2014-06-07 21:39 - 00000000 ____D () C:\Users\User\Desktop\WhatsApp

==================== One Month Modified Files and Folders =======

2014-06-29 22:11 - 2013-03-28 23:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-29 22:10 - 2014-06-29 22:08 - 00031716 _____ () C:\Users\User\Downloads\FRST.txt
2014-06-29 22:10 - 2009-07-14 13:13 - 00797850 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 22:09 - 2014-06-29 22:08 - 00000000 ____D () C:\FRST
2014-06-29 22:08 - 2014-06-29 10:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 22:07 - 2014-06-29 22:07 - 02083328 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-06-29 22:07 - 2012-10-31 22:38 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-06-29 22:05 - 2012-10-31 22:24 - 00000387 _____ () C:\Users\User\AppData\Roaming\sp_data.sys
2014-06-29 22:04 - 2013-03-28 23:01 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-29 22:04 - 2012-09-21 01:27 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-06-29 22:03 - 2012-09-21 01:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-29 22:03 - 2012-03-10 03:20 - 01037176 _____ () C:\Windows\PFRO.log
2014-06-29 22:03 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-29 22:03 - 2009-07-14 12:51 - 00135582 _____ () C:\Windows\setupact.log
2014-06-29 22:02 - 2014-06-29 21:59 - 00000000 ____D () C:\AdwCleaner
2014-06-29 22:02 - 2012-09-21 01:21 - 01484672 _____ () C:\Windows\WindowsUpdate.log
2014-06-29 21:58 - 2014-06-29 21:57 - 01342659 _____ () C:\Users\User\Downloads\adwcleaner_3.213.exe
2014-06-29 21:49 - 2009-07-14 12:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-29 21:49 - 2009-07-14 12:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-29 21:38 - 2012-03-10 03:58 - 00000000 ____D () C:\Windows\en
2014-06-29 21:35 - 2012-11-26 21:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-29 20:52 - 2014-01-11 23:47 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1383277451-3137474638-2566707349-1001UA.job
2014-06-29 13:53 - 2012-09-21 01:27 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-06-29 10:54 - 2014-06-29 10:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 10:54 - 2014-06-29 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 10:54 - 2014-06-29 10:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 10:54 - 2014-06-29 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-29 10:53 - 2014-06-29 10:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-28 16:16 - 2014-06-28 15:54 - 00015164 _____ () C:\Users\User\Downloads\seouls-best-eat-by-kampungboycitygal.xlsx
2014-06-27 23:52 - 2014-01-11 23:47 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1383277451-3137474638-2566707349-1001Core.job
2014-06-27 15:43 - 2012-11-03 22:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-06-26 15:31 - 2014-03-28 22:08 - 00000000 ____D () C:\Users\User\Desktop\Music Scores
2014-06-25 21:54 - 2014-06-25 21:54 - 00000000 ____D () C:\Users\User\Documents\Outlook.com (1)
2014-06-25 21:52 - 2014-06-25 21:52 - 01083954 _____ () C:\Users\User\Downloads\Outlook.com (2).zip
2014-06-25 21:52 - 2014-06-25 21:52 - 01083954 _____ () C:\Users\User\Downloads\Outlook.com (1).zip
2014-06-25 14:06 - 2013-03-28 23:01 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 14:06 - 2013-03-28 23:01 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 17:38 - 2013-11-07 01:26 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 11:32 - 2012-03-10 04:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-23 21:02 - 2014-06-23 21:02 - 00304957 _____ () C:\Users\User\Desktop\Mu-Zhi-.m4r
2014-06-23 19:42 - 2014-06-08 20:47 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-23 15:34 - 2014-06-23 15:34 - 00017603 _____ () C:\Users\User\Downloads\Korea 4Julto13Jul14.xlsx
2014-06-23 12:23 - 2014-01-29 23:55 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-06-22 20:53 - 2014-06-22 20:52 - 03067184 _____ (Softorino, Inc. ) C:\Users\User\Downloads\audikoringtonemanagerwin_1.0.5.exe
2014-06-22 20:48 - 2014-06-22 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-06-22 18:07 - 2014-06-22 18:06 - 01083954 _____ () C:\Users\User\Downloads\Outlook.com.zip
2014-06-20 22:14 - 2014-06-20 22:14 - 00003147 _____ () C:\Users\User\Desktop\attach.7z
2014-06-20 22:13 - 2014-06-20 22:13 - 00001363 _____ () C:\Users\User\Desktop\7zFM - Shortcut.lnk
2014-06-20 22:12 - 2014-06-20 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-20 22:12 - 2014-06-20 22:12 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-20 22:11 - 2014-06-20 22:11 - 01138397 _____ () C:\Users\User\Downloads\7z922.exe
2014-06-20 22:03 - 2014-05-04 18:15 - 00000000 ____D () C:\Users\User\AppData\Local\WinZip
2014-06-20 22:01 - 2014-06-20 22:01 - 00026916 _____ () C:\Users\User\Desktop\dds.txt
2014-06-20 22:01 - 2014-06-20 22:01 - 00007967 _____ () C:\Users\User\Desktop\attach.txt
2014-06-20 21:57 - 2014-06-20 21:57 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2014-06-19 19:36 - 2014-06-19 19:36 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\User\Downloads\avira_en_av___ws.exe
2014-06-19 19:36 - 2014-06-19 19:36 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-06-19 19:36 - 2014-06-19 19:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-19 19:36 - 2013-11-07 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-19 19:36 - 2013-11-07 01:26 - 00000000 ____D () C:\ProgramData\Avira
2014-06-19 19:36 - 2013-11-07 01:26 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-19 19:29 - 2014-06-19 19:29 - 00002248 _____ () C:\Users\User\Downloads\removaltool-win32-en.log
2014-06-19 17:53 - 2014-06-19 17:53 - 00367616 _____ (Avira GmbH) C:\Users\User\Downloads\removaltool-win32-en.exe
2014-06-19 11:59 - 2012-11-01 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 15:46 - 2014-06-18 15:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 23:21 - 2014-06-13 01:30 - 00000000 ____D () C:\ProgramData\Nero
2014-06-17 23:16 - 2014-02-06 00:30 - 00417792 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-06-14 21:56 - 2009-07-14 13:08 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-14 00:45 - 2014-06-13 01:35 - 00000000 ____D () C:\ProgramData\AVG
2014-06-13 20:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 03:01 - 2012-10-31 22:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-13 01:51 - 2012-11-02 23:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-06-13 01:39 - 2014-06-13 01:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nero
2014-06-13 01:37 - 2014-06-13 01:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG
2014-06-13 01:37 - 2014-06-13 01:37 - 00000000 ____D () C:\Users\User\AppData\Local\AVG
2014-06-13 01:35 - 2014-06-13 01:35 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-13 01:22 - 2014-06-13 01:21 - 83022576 _____ (Nero AG) C:\Users\User\Downloads\Nero_BurningROM2014-15.0.04600_trial.exe
2014-06-10 00:33 - 2014-06-07 22:20 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live
2014-06-08 20:47 - 2014-06-08 20:47 - 00001161 _____ () C:\Users\Public\Desktop\Polar FlowSync.lnk
2014-06-08 20:47 - 2014-06-08 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2014-06-08 20:46 - 2014-06-08 20:46 - 00000000 ____D () C:\Program Files (x86)\Polar
2014-06-08 20:45 - 2014-06-08 20:45 - 19620472 _____ (Polar Electro Oy ) C:\Users\User\Downloads\FlowSync_2.1.4.exe
2014-06-08 17:13 - 2014-06-12 13:11 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 17:08 - 2014-06-12 13:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 22:20 - 2014-06-07 22:20 - 00000000 ____D () C:\Users\User\AppData\Local\{56F18F2E-A781-450C-8701-77318F43A275}
2014-06-07 22:19 - 2014-06-07 22:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Windows Live Writer
2014-06-07 22:19 - 2014-06-07 22:19 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live Writer
2014-06-07 22:17 - 2014-06-07 22:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\WindSolutions
2014-06-07 22:10 - 2014-06-07 22:08 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-06-07 22:08 - 2014-06-07 22:08 - 05283824 _____ (WindSolutions) C:\Users\User\Downloads\Install_CopyTransControlCenter.exe
2014-06-07 21:39 - 2014-06-07 21:38 - 00000000 ____D () C:\Users\User\Desktop\WhatsApp
2014-05-30 18:21 - 2014-06-12 13:13 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 18:02 - 2014-06-12 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 18:02 - 2014-06-12 13:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 17:45 - 2014-06-12 13:13 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 17:39 - 2014-06-12 13:13 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 17:39 - 2014-06-12 13:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 17:38 - 2014-06-12 13:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 17:28 - 2014-06-12 13:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 17:27 - 2014-06-12 13:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 17:24 - 2014-06-12 13:13 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 17:21 - 2014-06-12 13:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 17:21 - 2014-06-12 13:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 17:20 - 2014-06-12 13:13 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 17:18 - 2014-06-12 13:13 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 17:11 - 2014-06-12 13:13 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 17:08 - 2014-06-12 13:13 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 17:06 - 2014-06-12 13:13 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 17:02 - 2014-06-12 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 16:55 - 2014-06-12 13:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 16:49 - 2014-06-12 13:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 16:46 - 2014-06-12 13:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 16:44 - 2014-06-12 13:13 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 16:44 - 2014-06-12 13:13 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 16:43 - 2014-06-12 13:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 16:42 - 2014-06-12 13:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 16:38 - 2014-06-12 13:13 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 16:35 - 2014-06-12 13:13 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 16:34 - 2014-06-12 13:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 16:33 - 2014-06-12 13:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 16:30 - 2014-06-12 13:13 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 16:29 - 2014-06-12 13:13 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 16:28 - 2014-06-12 13:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 16:27 - 2014-06-12 13:13 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 16:24 - 2014-06-12 13:13 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 16:23 - 2014-06-12 13:13 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 16:16 - 2014-06-12 13:13 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 16:10 - 2014-06-12 13:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 16:06 - 2014-06-12 13:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 16:04 - 2014-06-12 13:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 16:02 - 2014-06-12 13:13 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 15:56 - 2014-06-12 13:13 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 15:56 - 2014-06-12 13:13 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 15:54 - 2014-06-12 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 15:50 - 2014-06-12 13:13 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 15:49 - 2014-06-12 13:13 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 15:43 - 2014-06-12 13:13 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 15:40 - 2014-06-12 13:13 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 15:30 - 2014-06-12 13:13 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 15:21 - 2014-06-12 13:13 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 15:15 - 2014-06-12 13:13 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 15:13 - 2014-06-12 13:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 15:13 - 2014-06-12 13:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\77instpak.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\COMAP.EXE
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.5.3.3.exe
C:\Users\User\AppData\Local\Temp\GUninstaller.exe
C:\Users\User\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\oi_{BCCDFEC8-D6F7-433E-A3C2-5B7A8444CBFA}.exe
C:\Users\User\AppData\Local\Temp\OptimizerPro.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\readSTILog.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\tbedrs.dll
C:\Users\User\AppData\Local\Temp\uninst1.exe
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\User\AppData\Local\Temp\uttBCA2.tmp.exe
C:\Users\User\AppData\Local\Temp\uttFA76.tmp.exe
C:\Users\User\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 19:33

==================== End Of Log ============================

 




#5 nasdaq

  • Malware Response Team

Posted 29 June 2014 - 10:02 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
(Shenzhen QVOD Technology Co.,Ltd) C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
HKLM-x32\...\Run: [QvodTerminal] => C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe [1034128 2012-02-02] (Shenzhen QVOD Technology Co.,Ltd)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
SearchScopes: HKCU - {0FFC8716-F236-400E-AC61-70C5181AA915} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {BEB8AD59-C990-4538-AF32-2DFECE5A8528} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
BHO-x32: Tencent Browser Helper - {35910522-D36E-2645-80BA-B3EF63AEA818} - C:\Program Files\TENCENT\SSPlus\SAddr.dll No File
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @qvod.com/QvodInsert - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
CHR DefaultSearchKeyword: speedial.com
CHR DefaultSearchProvider: Speedial
CHR DefaultSearchURL: http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
CHR DefaultNewTabURL: &a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (QvodInsert) - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-12-15]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2013-03-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] () [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
C:\Users\User\AppData\Local\Temp\77instpak.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\COMAP.EXE
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.5.3.3.exe
C:\Users\User\AppData\Local\Temp\GUninstaller.exe
C:\Users\User\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\oi_{BCCDFEC8-D6F7-433E-A3C2-5B7A8444CBFA}.exe
C:\Users\User\AppData\Local\Temp\OptimizerPro.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\readSTILog.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\tbedrs.dll
C:\Users\User\AppData\Local\Temp\uninst1.exe
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\User\AppData\Local\Temp\uttBCA2.tmp.exe
C:\Users\User\AppData\Local\Temp\uttFA76.tmp.exe
C:\Users\User\AppData\Local\Temp\vlc-2.1.2-win32.ex

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available, use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer performing now?

#6 kennylim20

  • Topic Starter

Posted 29 June 2014 - 11:11 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by User at 2014-06-29 23:58:44 Run:1
Running from C:\Users\User\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(Shenzhen QVOD Technology Co.,Ltd) C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
HKLM-x32\...\Run: [QvodTerminal] => C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe [1034128 2012-02-02] (Shenzhen QVOD Technology Co.,Ltd)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
SearchScopes: HKCU - {0FFC8716-F236-400E-AC61-70C5181AA915} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {BEB8AD59-C990-4538-AF32-2DFECE5A8528} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
BHO-x32: Tencent Browser Helper - {35910522-D36E-2645-80BA-B3EF63AEA818} - C:\Program Files\TENCENT\SSPlus\SAddr.dll No File
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @qvod.com/QvodInsert - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
CHR DefaultSearchKeyword: speedial.com
CHR DefaultSearchProvider: Speedial
CHR DefaultSearchURL: http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
CHR DefaultNewTabURL: &a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir=
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (QvodInsert) - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-12-15]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2013-03-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] () [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
C:\Users\User\AppData\Local\Temp\77instpak.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\COMAP.EXE
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.5.3.3.exe
C:\Users\User\AppData\Local\Temp\GUninstaller.exe
C:\Users\User\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\oi_{BCCDFEC8-D6F7-433E-A3C2-5B7A8444CBFA}.exe
C:\Users\User\AppData\Local\Temp\OptimizerPro.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\readSTILog.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\tbedrs.dll
C:\Users\User\AppData\Local\Temp\uninst1.exe
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\User\AppData\Local\Temp\uttBCA2.tmp.exe
C:\Users\User\AppData\Local\Temp\uttFA76.tmp.exe
C:\Users\User\AppData\Local\Temp\vlc-2.1.2-win32.ex

End
*****************

[4904] C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QvodTerminal => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FFC8716-F236-400E-AC61-70C5181AA915}' => Key deleted successfully.
'HKCR\CLSID\{0FFC8716-F236-400E-AC61-70C5181AA915}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BEB8AD59-C990-4538-AF32-2DFECE5A8528}' => Key deleted successfully.
'HKCR\CLSID\{BEB8AD59-C990-4538-AF32-2DFECE5A8528}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}' => Key deleted successfully.
'HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}' => Key deleted successfully.
'HKCR\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35910522-D36E-2645-80BA-B3EF63AEA818}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{35910522-D36E-2645-80BA-B3EF63AEA818}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => value deleted successfully.
'HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}'=> Key not found.
'HKCR\PROTOCOLS\Handler\tmbp' => Key deleted successfully.
'HKCR\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}' => Key deleted successfully.
'HKCR\Wow6432Node\PROTOCOLS\Handler\tmbp'=> Key not found.
'HKCR\Wow6432Node\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}' => Key deleted successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@qvod.com/QvodInsert' => Key deleted successfully.
C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll => Moved successfully.
CHR DefaultSearchKeyword: speedial.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Speedial ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_18_ie&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAyBtByByBtAyDzyzzyBtBtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDzz0F0C0EtG0EyByCtBtGtDyDtD0BtG0D0FtA0BtGyD0C0CyEyByE0A0CyDtB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0A0F0A0E0EyBtGyE0B0B0BtG0AyCtCtDtGtAyEyCyCtGtDyE0D0C0BtD0ByDtAtBtA0A2Q&cr=364203666&ir= ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll not found.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh' => Key deleted successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx => Moved successfully.
APNMCP => Service deleted successfully.
EagleX64 => Service deleted successfully.
RimUsb => Service deleted successfully.
C:\Users\User\AppData\Local\Temp\77instpak.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.5.3.3.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\GUninstaller.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\oi_{BCCDFEC8-D6F7-433E-A3C2-5B7A8444CBFA}.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\OptimizerPro.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\readSTILog.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\tbedrs.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\uttBCA2.tmp.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\uttFA76.tmp.exe => Moved successfully.
"C:\Users\User\AppData\Local\Temp\vlc-2.1.2-win32.ex" => File/Directory not found.

==== End of Fixlog ====

 

 

*****

Checkup.txt

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 14.0.0.125  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#7 nasdaq

  • Malware Response Team

Posted 29 June 2014 - 01:03 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 25

===

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flash Player, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#8 kennylim20

kennylim20
  • Topic Starter


Posted 05 July 2014 - 04:16 AM

Hello,

 

I have just installed Java SE Development Kit 8 Update 5 (64-bit); installed only, no further action is taken.

 

May I know why I should disable Java on browsers?

 

In addition, the RUNDLL pop-up doesn't appear anymore when I turn on my computer.

 

 

 

Thank you.



#9 nasdaq

nasdaq

  • Malware Response Team

Posted 05 July 2014 - 06:58 AM

As I previously said. It's your call.

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

#10 nasdaq

nasdaq

  • Malware Response Team

Posted 11 July 2014 - 09:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



