Gameharbor.org



han_ger05


Posted 13 September 2014 - 11:28 AM

Hello, I believe my laptop has been infected by adware, most probably from my torrent of The Sims 4. When I start my laptop up, Chrome automatically opens and gets directed to gameharbor.org. I've resolved this by disabling it from the startup but would very much like to remove the malware from my laptop. I couldn't run DDS as I'm using Windows 8.1, so I'm running FRST instead. These are the results of the scan:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by User- at 2014-09-14 00:22:19
Running from C:\Users\User-\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3625607165-2013681658-839687094-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User-\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625607165-2013681658-839687094-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User-\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625607165-2013681658-839687094-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User-\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625607165-2013681658-839687094-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User-\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625607165-2013681658-839687094-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User-\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625607165-2013681658-839687094-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User-\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625607165-2013681658-839687094-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User-\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625607165-2013681658-839687094-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User-\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3625607165-2013681658-839687094-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User-\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
04-09-2014 08:22:36 Scheduled Checkpoint
07-09-2014 07:26:06 Installed DirectX
10-09-2014 11:48:35 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04663811-9009-4DDD-A703-7B9A7F65C971} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11DF42CC-CF89-4B27-8732-0F5C9FC183AF} - System32\Tasks\gg_uac_daemon_User- => Rundll32.exe "D:\Games\Garena Plus\ggspawn.dll",rundll_entry -p 0
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {213E4A9B-53CD-483C-A5F0-823A5BCAFE5B} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-07] (ASUS)
Task: {222AEA73-6692-4E8F-80F2-ACDD44614C47} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-17] (Intel Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2CCAC2F1-33B5-4D6C-8567-65248BE61D13} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-17] (Intel Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {54C22902-F5DB-4F83-80F6-EEF92DC985B0} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-26] ()
Task: {5521EFFC-DEC5-4B69-BDEC-A50B98AB6700} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {6422AF5C-6528-496B-98FE-612C22B8FC23} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6620C4EC-C551-4B33-BA3C-55E62A8CEED9} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7F9CC906-1F46-416A-B527-A5B911EB18F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {83DE12F8-9F91-4470-B6DD-07B6CA6AAFA7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88FD2766-DE55-4571-8689-39F4D241D1A3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-28] (AVAST Software)
Task: {8A2A1326-31B1-4429-8A39-51BEC594B237} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CC96896-85D9-4F96-AB52-9B9BAF3CD349} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {8D45F1D7-56DE-44E5-AAB7-68DF035ABA47} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-26] ()
Task: {9A75775B-968F-45AE-B1E3-EE14F4CE4DE9} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {9B02DFDE-B2AC-47A1-BADB-5E549D6783D9} - System32\Tasks\BtTray => C:\Program
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A3D6DDCE-705F-40D2-AADD-5F7389DCCA12} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-26] (ASUSTeK Computer Inc.)
Task: {C80E3C31-2171-4AD0-A3D6-82D3CAFB2095} - System32\Tasks\BtvStack => C:\Program
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4DA166B-3827-4169-AC5B-299B6C40973D} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {D764B82A-1BF5-42B7-AD98-3937AFD3273F} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC32E303-7AB7-4D80-8144-2E248AF61233} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {E38D8CFC-7280-439B-87DD-23DF5CDA9329} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-25] (ASUSTek Computer Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E938705B-9E87-4DD5-90A9-E40F68E177ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-25] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-16 02:49 - 2014-05-16 02:49 - 00561448 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2014-08-12 20:02 - 2014-08-12 20:02 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2012-08-11 09:28 - 2012-08-11 09:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-25 08:26 - 2012-08-25 08:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-26 22:06 - 2014-05-26 22:06 - 02733080 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2014-09-10 20:54 - 2014-09-10 20:54 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-08-28 18:45 - 2014-08-28 18:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-13 22:53 - 2014-09-13 22:53 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091300\algo.dll
2014-09-14 00:16 - 2014-09-14 00:16 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091301\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-16 02:45 - 2014-05-16 02:45 - 00965928 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-05-16 02:49 - 2014-05-16 02:49 - 00229160 _____ () C:\Program Files (x86)\Hotspot Shield\bin\cmwhydraplugin.dll
2014-05-16 02:47 - 2014-05-16 02:47 - 00517928 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2011-09-23 21:54 - 2011-09-23 21:54 - 00465344 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2014-05-15 00:45 - 2014-05-15 00:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-08-12 20:02 - 2014-08-12 20:02 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2012-12-17 11:02 - 2012-12-17 11:02 - 00187336 _____ () D:\Games\Garena Plus\ggspawn.dll
2014-09-06 01:18 - 2014-08-30 10:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-06 01:18 - 2014-08-30 10:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-06 01:18 - 2014-08-30 10:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2012-08-25 08:17 - 2012-08-25 08:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-08-28 18:45 - 2014-08-28 18:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-13 23:07 - 2014-09-13 23:07 - 00043008 _____ () c:\users\user-\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbkbm7.dll
2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\User-\AppData\Roaming\Dropbox\bin\libcef.dll
2012-10-30 19:48 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-06 01:18 - 2014-08-30 10:49 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\Run: => "DownloadAccelerator"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "uTorrent"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "CMD"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2014 00:17:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastUI.exe, version: 9.0.2021.531, time stamp: 0x53d2526a
Faulting module name: msaud32_divx.acm, version: 8.0.0.4487, time stamp: 0x3dd50000
Exception code: 0xc0000005
Fault offset: 0x00052170
Faulting process id: 0x17c4
Faulting application start time: 0xAvastUI.exe0
Faulting application path: AvastUI.exe1
Faulting module path: AvastUI.exe2
Report Id: AvastUI.exe3
Faulting package full name: AvastUI.exe4
Faulting package-relative application ID: AvastUI.exe5
 
Error: (09/13/2014 10:55:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x10f4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (09/13/2014 10:53:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastUI.exe, version: 9.0.2021.531, time stamp: 0x53d2526a
Faulting module name: msaud32_divx.acm, version: 8.0.0.4487, time stamp: 0x3dd50000
Exception code: 0xc0000005
Fault offset: 0x00052170
Faulting process id: 0x163c
Faulting application start time: 0xAvastUI.exe0
Faulting application path: AvastUI.exe1
Faulting module path: AvastUI.exe2
Report Id: AvastUI.exe3
Faulting package full name: AvastUI.exe4
Faulting package-relative application ID: AvastUI.exe5
 
Error: (09/13/2014 06:30:40 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program The Sims™ 4 because of this error.
 
Program: The Sims™ 4
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (09/13/2014 06:30:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TS4.exe, version: 1.0.677.20, time stamp: 0x540a88b9
Faulting module name: TS4.exe, version: 1.0.677.20, time stamp: 0x540a88b9
Exception code: 0xc000001d
Fault offset: 0x01a57917
Faulting process id: 0x1264
Faulting application start time: 0xTS4.exe0
Faulting application path: TS4.exe1
Faulting module path: TS4.exe2
Report Id: TS4.exe3
Faulting package full name: TS4.exe4
Faulting package-relative application ID: TS4.exe5
 
Error: (09/13/2014 06:07:03 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/13/2014 05:54:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastUI.exe, version: 9.0.2021.531, time stamp: 0x53d2526a
Faulting module name: msaud32_divx.acm, version: 8.0.0.4487, time stamp: 0x3dd50000
Exception code: 0xc0000005
Fault offset: 0x00052170
Faulting process id: 0x15d0
Faulting application start time: 0xAvastUI.exe0
Faulting application path: AvastUI.exe1
Faulting module path: AvastUI.exe2
Report Id: AvastUI.exe3
Faulting package full name: AvastUI.exe4
Faulting package-relative application ID: AvastUI.exe5
 
Error: (09/13/2014 10:41:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37837594
 
Error: (09/13/2014 10:41:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37837594
 
Error: (09/13/2014 10:41:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/13/2014 09:47:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (09/13/2014 07:17:58 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/13/2014 07:14:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0xfffff801890d1d48, 0x0000000000000002, 0x0000000000000000, 0xfffff8018291e58a)C:\WINDOWS\MEMORY.DMP091314-41937-01
 
Error: (09/13/2014 07:14:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:12:34 PM on ‎9/‎13/‎2014 was unexpected.
 
Error: (09/13/2014 06:07:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition.
 
Error: (09/13/2014 06:06:40 PM) (Source: DCOM) (EventID: 10010) (User: user)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (09/13/2014 05:59:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
 
Error: (09/12/2014 09:30:21 PM) (Source: DCOM) (EventID: 10010) (User: user)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (09/11/2014 08:41:07 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (09/11/2014 07:05:48 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
Microsoft Office Sessions:
=========================
Error: (09/14/2014 00:17:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastUI.exe9.0.2021.53153d2526amsaud32_divx.acm8.0.0.44873dd50000c00000050005217017c401cfcf64790f9b0aC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\WINDOWS\SYSTEM32\msaud32_divx.acm685a9237-3b61-11e4-bf63-74e5434146c6
 
Error: (09/13/2014 10:55:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd10f401cfcf62bb1fb80fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllf9476456-3b55-11e4-bf62-74e5434146c6
 
Error: (09/13/2014 10:53:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastUI.exe9.0.2021.53153d2526amsaud32_divx.acm8.0.0.44873dd50000c000000500052170163c01cfcf5d3cacdc8bC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\WINDOWS\SYSTEM32\msaud32_divx.acmb868202b-3b55-11e4-bf62-74e5434146c6
 
Error: (09/13/2014 06:30:40 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: The Sims™ 4000000000
 
Error: (09/13/2014 06:30:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TS4.exe1.0.677.20540a88b9TS4.exe1.0.677.20540a88b9c000001d01a57917126401cfcf3dbddcf706D:\Games\The SIMS 4 Deluxe Edition\Game\Bin\TS4.exeD:\Games\The SIMS 4 Deluxe Edition\Game\Bin\TS4.exe01ce7378-3b31-11e4-bf61-74e5434146c6
 
Error: (09/13/2014 06:07:03 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (09/13/2014 05:54:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastUI.exe9.0.2021.53153d2526amsaud32_divx.acm8.0.0.44873dd50000c00000050005217015d001cfcf28e6c70993C:\Program Files\AVAST Software\Avast\AvastUI.exeC:\WINDOWS\SYSTEM32\msaud32_divx.acmf135985f-3b2b-11e4-bf61-74e5434146c6
 
Error: (09/13/2014 10:41:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37837594
 
Error: (09/13/2014 10:41:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37837594
 
Error: (09/13/2014 10:41:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 6021.54 MB
Available physical RAM: 3843.79 MB
Total Pagefile: 12165.54 MB
Available Pagefile: 9699.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:87.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:125.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4AD209D2)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by User- (administrator) on USER on 14-09-2014 00:21:14
Running from C:\Users\User-\Downloads
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\User-\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\User-\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-25] (ASUS)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [580672 2012-07-23] (NTI Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-28] (AVAST Software)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3625607165-2013681658-839687094-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-30] (Valve Corporation)
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\...\Run: [BackgroundContainerV2] => "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\User-\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\...\Run: [uTorrent] => C:\Users\User-\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-05-03] (BitTorrent Inc.)
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2733080 2014-05-26] ()
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\...\MountPoints2: {3a3b79ec-72d9-11e2-be8d-50465dd0e3bc} - "F:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\User-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User-\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC82107AE8E42CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: HKCU - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={CEFE3BA2-A8ED-4CA8-BABB-C98E461FB389}&mid=0b136ff8c85047d39d78a5ac05a5af35-2fc690660b2d6586e0f8a0d314ae6bac5e6e8500&lang=en&ds=gm011&pr=sa&d=2013-06-16 14:57:07&v=15.2.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKCU - {D5E4F77E-9E8A-4ACD-997A-53673CB69091} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
 
FireFox:
========
FF ProfilePath: C:\Users\User-\AppData\Roaming\Mozilla\Firefox\Profiles\o2etpf6m.default
FF DefaultSearchEngine: uTorrentControl_v2 Customized Web Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Firefox Old Version Update Hotfix - C:\Users\User-\AppData\Roaming\Mozilla\Firefox\Profiles\o2etpf6m.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-27]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2013-07-30]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-01]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF HKLM-x32\...\Firefox\Extensions: [{55A8EC97-6AF6-442c-877F-11C51DBD162D}] - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_FF.xpi
FF Extension: YouTube Video Downloader Extension - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_FF.xpi [2013-11-18]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
 
Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User-\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User-\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User-\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (avast! Online Security) - C:\Users\User-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-27]
CHR Extension: (YouTube Video Downloader Extension) - C:\Users\User-\AppData\Local\Google\Chrome\User Data\Default\Extensions\igljnkmljjbhcellpnjppojkfdfmkjmp [2013-11-18]
CHR Extension: (Google Wallet) - C:\Users\User-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx [2012-12-31]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2012-12-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-28]
CHR HKLM-x32\...\Chrome\Extension: [igljnkmljjbhcellpnjppojkfdfmkjmp] - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_GC.crx [2013-11-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-11] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-28] (AVAST Software)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1015592 2014-05-16] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-14] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [561448 2014-05-16] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-15] (PasswordBox, Inc.) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-11] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-28] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-14] (AnchorFree Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
U0 novy; C:\Windows\System32\drivers\eggvvx.sys [79064 2014-09-13] (Malwarebytes Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-14] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 00:21 - 2014-09-14 00:21 - 00027904 _____ () C:\Users\User-\Downloads\FRST.txt
2014-09-14 00:13 - 2014-09-14 00:21 - 00000000 ____D () C:\FRST
2014-09-14 00:13 - 2014-09-14 00:13 - 02105856 _____ (Farbar) C:\Users\User-\Downloads\FRST64.exe
2014-09-13 23:36 - 2014-09-13 23:36 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\eggvvx.sys
2014-09-13 23:10 - 2014-09-13 23:12 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 23:10 - 2014-09-13 23:10 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 23:10 - 2014-09-13 23:10 - 00000000 ___RD () C:\Users\User-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-13 23:10 - 2014-09-13 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 23:10 - 2014-09-13 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 23:10 - 2014-09-13 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 23:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-13 23:10 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-13 23:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-13 22:46 - 2014-09-13 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User-\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 22:29 - 2014-09-13 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-13 22:29 - 2014-09-13 22:29 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-13 22:28 - 2014-09-13 22:28 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-13 22:28 - 2014-09-13 22:28 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-13 22:28 - 2014-09-13 22:28 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-13 22:28 - 2014-09-13 22:28 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 19:14 - 2014-09-13 19:14 - 00295072 _____ () C:\WINDOWS\Minidump\091314-41937-01.dmp
2014-09-13 18:29 - 2014-09-13 18:29 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-13 10:43 - 2014-09-13 23:08 - 00003290 _____ () C:\WINDOWS\System32\Tasks\gg_uac_daemon_User-
2014-09-12 21:01 - 2014-09-12 21:01 - 00056728 _____ () C:\Users\User-\Downloads\[kickass.to]cashback.2006.bdrip.xvid.war.torrent
2014-09-12 20:23 - 2014-09-12 20:51 - 87481100 _____ () C:\Users\User-\Downloads\SC-T-741874-V5.rar
2014-09-11 15:28 - 2014-08-16 10:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 15:28 - 2014-08-16 10:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 15:28 - 2014-08-16 10:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 15:28 - 2014-08-16 10:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 15:28 - 2014-08-16 09:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 15:28 - 2014-08-16 09:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 15:28 - 2014-08-16 09:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 15:28 - 2014-08-16 09:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 15:28 - 2014-08-16 09:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 15:28 - 2014-08-16 09:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 15:28 - 2014-08-16 09:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 15:28 - 2014-08-16 09:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 15:28 - 2014-08-16 09:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 15:28 - 2014-08-16 09:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 15:28 - 2014-08-16 09:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 15:28 - 2014-08-16 09:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 15:28 - 2014-08-16 09:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 15:28 - 2014-08-16 09:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 15:28 - 2014-08-16 09:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 15:28 - 2014-08-16 09:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 15:28 - 2014-08-16 09:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 15:28 - 2014-08-16 08:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 15:28 - 2014-08-16 08:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 15:28 - 2014-08-16 08:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 15:28 - 2014-08-16 08:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 15:28 - 2014-08-16 08:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 15:28 - 2014-08-16 08:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 15:28 - 2014-08-16 08:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 15:28 - 2014-08-16 08:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 15:28 - 2014-08-16 08:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 15:28 - 2014-08-16 08:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 15:28 - 2014-08-16 08:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 15:28 - 2014-08-16 08:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 15:28 - 2014-08-16 08:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 15:28 - 2014-08-16 08:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 14:42 - 2014-09-11 15:09 - 82273254 _____ () C:\Users\User-\Downloads\SC-489741-TS-2.rar
2014-09-10 21:31 - 2014-09-10 21:31 - 00291328 _____ () C:\WINDOWS\Minidump\091014-36703-01.dmp
2014-09-10 21:02 - 2014-09-10 21:03 - 00291520 _____ () C:\WINDOWS\Minidump\091014-36671-01.dmp
2014-09-10 19:36 - 2014-09-10 19:36 - 00287664 _____ () C:\WINDOWS\Minidump\091014-30640-01.dmp
2014-09-10 17:00 - 2014-09-10 17:10 - 28378489 _____ () C:\Users\User-\Downloads\SC-TS-41874-V4.rar
2014-09-10 15:35 - 2014-08-02 08:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-10 15:35 - 2014-07-24 11:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-10 15:35 - 2014-07-24 11:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-09 21:42 - 2014-09-09 21:43 - 00293288 _____ () C:\WINDOWS\Minidump\090914-34656-01.dmp
2014-09-08 16:17 - 2014-09-08 16:18 - 00292240 _____ () C:\WINDOWS\Minidump\090814-29625-01.dmp
2014-09-07 20:52 - 2014-09-07 20:52 - 00000851 _____ () C:\Users\Public\Desktop\The SIMS 4 Deluxe Edition.lnk
2014-09-07 20:52 - 2014-09-07 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-07 16:21 - 2014-09-07 16:22 - 00293480 _____ () C:\WINDOWS\Minidump\090714-35140-01.dmp
2014-09-07 16:17 - 2014-09-03 18:24 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2014-09-07 16:02 - 2014-09-07 16:02 - 00000000 ____D () C:\Users\User-\Documents\Electronic Arts
2014-09-07 15:48 - 2014-09-07 15:57 - 28075703 _____ () C:\Users\User-\Downloads\SC-TS-41974-V-3.rar
2014-09-03 22:25 - 2014-09-03 22:25 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-03 22:25 - 2014-09-03 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-03 22:24 - 2014-09-03 22:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-03 22:24 - 2014-09-03 22:25 - 00000000 ____D () C:\Program Files\iTunes
2014-09-03 22:24 - 2014-09-03 22:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-03 22:24 - 2014-09-03 22:24 - 00000000 ____D () C:\Program Files\iPod
2014-09-03 21:43 - 2014-09-03 21:43 - 00292424 _____ () C:\WINDOWS\Minidump\090314-30203-01.dmp
2014-09-01 22:29 - 2014-09-01 22:29 - 00292520 _____ () C:\WINDOWS\Minidump\090114-29468-01.dmp
2014-09-01 14:04 - 2014-09-01 14:04 - 00294544 _____ () C:\WINDOWS\Minidump\090114-37640-01.dmp
2014-08-31 15:19 - 2014-09-13 11:29 - 00000000 ____D () C:\Users\User-\AppData\Roaming\Skype
2014-08-31 15:19 - 2014-08-31 15:19 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-31 15:19 - 2014-08-31 15:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-31 15:19 - 2014-08-31 15:19 - 00000000 ____D () C:\Users\User-\AppData\Local\Skype
2014-08-31 15:19 - 2014-08-31 15:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-31 15:19 - 2014-08-31 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-31 15:12 - 2014-08-31 15:12 - 00000000 ____D () C:\ProgramData\GRETECH
2014-08-31 12:00 - 2014-08-31 12:00 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-31 12:00 - 2014-08-31 12:00 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-31 12:00 - 2014-08-31 12:00 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-31 12:00 - 2014-08-31 12:00 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-08-31 01:36 - 2014-08-31 01:36 - 00295208 _____ () C:\WINDOWS\Minidump\083114-38234-01.dmp
2014-08-29 14:08 - 2014-08-29 14:08 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-08-29 14:07 - 2014-08-29 14:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-28 18:45 - 2014-08-28 18:45 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-28 18:45 - 2014-08-28 18:45 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-28 15:34 - 2014-05-13 13:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-28 15:34 - 2014-05-03 19:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-28 15:34 - 2014-05-03 17:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-28 15:34 - 2014-05-03 13:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-28 15:34 - 2014-05-03 12:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-28 15:34 - 2014-05-01 13:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-28 15:34 - 2014-04-30 14:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-28 15:34 - 2014-04-30 12:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-28 15:34 - 2014-04-30 12:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-28 15:34 - 2014-04-30 11:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-28 15:34 - 2014-04-30 11:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-28 15:34 - 2014-04-29 06:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-28 15:34 - 2014-04-27 06:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-28 15:34 - 2014-04-27 04:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-28 15:34 - 2014-04-27 00:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-28 15:34 - 2014-04-14 17:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-28 15:34 - 2014-04-14 16:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-28 15:33 - 2014-05-13 15:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-28 15:33 - 2014-05-13 12:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-28 15:33 - 2014-05-13 11:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-28 15:33 - 2014-05-03 13:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-28 15:33 - 2014-05-03 13:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-28 15:33 - 2014-05-03 13:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-28 15:33 - 2014-05-03 12:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-28 15:33 - 2014-05-03 12:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-28 15:33 - 2014-05-03 07:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-28 15:33 - 2014-04-30 14:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-28 15:33 - 2014-04-30 14:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-28 15:33 - 2014-04-30 14:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-28 15:33 - 2014-04-30 13:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-28 15:33 - 2014-04-30 12:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-28 15:33 - 2014-04-30 12:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-28 15:33 - 2014-04-30 12:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-28 15:33 - 2014-04-30 12:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-28 15:33 - 2014-04-30 11:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-28 15:33 - 2014-04-30 11:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-28 15:33 - 2014-04-30 11:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-28 15:33 - 2014-04-30 11:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-28 15:33 - 2014-04-14 13:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-28 15:33 - 2014-04-09 14:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-28 15:33 - 2014-04-09 13:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-28 15:31 - 2014-06-05 22:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-28 15:31 - 2014-06-05 21:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-28 15:31 - 2014-06-02 10:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-28 15:31 - 2014-05-31 18:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-28 15:31 - 2014-05-31 18:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-28 15:31 - 2014-05-31 18:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-28 15:31 - 2014-05-31 18:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-28 15:31 - 2014-05-31 18:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-28 15:31 - 2014-05-31 14:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-28 15:31 - 2014-05-31 14:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-28 15:31 - 2014-05-31 14:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-28 15:31 - 2014-05-31 12:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-28 15:31 - 2014-05-31 12:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-28 15:31 - 2014-05-31 12:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-28 15:31 - 2014-05-27 23:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-28 15:31 - 2014-05-27 17:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-28 15:31 - 2014-05-27 17:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-28 15:31 - 2014-05-17 12:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-28 15:31 - 2014-05-17 12:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-28 15:28 - 2014-07-12 12:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-28 15:24 - 2014-08-23 08:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-28 15:24 - 2014-08-07 10:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-28 15:24 - 2014-08-02 11:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-28 15:24 - 2014-07-16 02:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-28 15:24 - 2014-07-15 16:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-28 15:24 - 2014-07-15 16:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-28 15:24 - 2014-07-15 16:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-28 15:24 - 2014-07-10 12:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-28 15:24 - 2014-07-10 12:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-28 15:24 - 2014-07-10 11:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-28 15:24 - 2014-06-20 09:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-28 15:24 - 2014-06-20 07:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-28 15:24 - 2014-06-13 09:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-28 15:24 - 2014-06-13 09:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-28 15:24 - 2014-06-13 08:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-28 15:24 - 2014-06-10 06:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-28 15:24 - 2014-06-10 06:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-28 15:24 - 2014-06-06 19:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-28 15:24 - 2014-05-31 14:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-28 15:24 - 2014-05-13 12:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-28 15:24 - 2014-05-13 11:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-28 15:23 - 2014-08-02 11:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-28 15:23 - 2014-06-04 17:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-28 15:23 - 2014-06-04 13:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-28 15:23 - 2014-06-04 13:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-28 15:23 - 2014-06-04 12:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-28 15:23 - 2014-06-04 12:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-28 15:23 - 2014-06-04 10:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-28 15:23 - 2014-06-04 10:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-21 20:47 - 2014-08-21 20:48 - 00000000 ____D () C:\Users\User-\Desktop\That Awkward Moment (2014)
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 00:21 - 2014-09-14 00:21 - 00027904 _____ () C:\Users\User-\Downloads\FRST.txt
2014-09-14 00:21 - 2014-09-14 00:13 - 00000000 ____D () C:\FRST
2014-09-14 00:19 - 2013-01-05 08:47 - 00000000 ____D () C:\Users\User-\AppData\Roaming\uTorrent
2014-09-14 00:13 - 2014-09-14 00:13 - 02105856 _____ (Farbar) C:\Users\User-\Downloads\FRST64.exe
2014-09-14 00:13 - 2013-06-01 18:16 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 00:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-13 23:56 - 2012-12-30 07:50 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3625607165-2013681658-839687094-1002
2014-09-13 23:36 - 2014-09-13 23:36 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\eggvvx.sys
2014-09-13 23:36 - 2013-01-05 08:50 - 00000000 ____D () C:\Users\User-\AppData\Local\Conduit
2014-09-13 23:36 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\TAPI
2014-09-13 23:35 - 2013-01-05 08:51 - 00000000 ____D () C:\Users\User-\AppData\Local\CRE
2014-09-13 23:25 - 2013-12-26 15:09 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CF2E070D-FBC0-441D-94AE-C9DB66885AA8}
2014-09-13 23:22 - 2013-12-25 18:36 - 01830615 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-13 23:12 - 2014-09-13 23:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 23:10 - 2014-09-13 23:10 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 23:10 - 2014-09-13 23:10 - 00000000 ___RD () C:\Users\User-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-13 23:10 - 2014-09-13 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 23:10 - 2014-09-13 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 23:10 - 2014-09-13 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 23:09 - 2014-04-06 01:02 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-13 23:09 - 2013-06-01 18:16 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-13 23:08 - 2014-09-13 10:43 - 00003290 _____ () C:\WINDOWS\System32\Tasks\gg_uac_daemon_User-
2014-09-13 23:08 - 2013-02-28 22:50 - 00000000 ___RD () C:\Users\User-\Dropbox
2014-09-13 23:08 - 2013-02-28 22:40 - 00000000 ____D () C:\Users\User-\AppData\Roaming\Dropbox
2014-09-13 23:07 - 2013-06-01 18:16 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-13 23:07 - 2012-12-30 07:44 - 00000416 _____ () C:\Users\User-\AppData\Roaming\sp_data.sys
2014-09-13 23:05 - 2014-05-26 22:06 - 00000384 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-09-13 23:05 - 2014-05-26 22:06 - 00000384 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-09-13 23:05 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-13 23:05 - 2012-10-30 19:50 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-09-13 23:04 - 2013-12-25 18:43 - 00000000 ____D () C:\Users\User-
2014-09-13 23:04 - 2013-11-14 15:17 - 00119998 _____ () C:\WINDOWS\PFRO.log
2014-09-13 23:04 - 2013-08-22 21:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-13 22:49 - 2014-04-26 01:18 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2014-09-13 22:49 - 2013-09-12 17:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-13 22:49 - 2013-01-06 19:56 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-13 22:49 - 2012-12-31 18:40 - 00000000 ____D () C:\Program Files (x86)\DAP
2014-09-13 22:48 - 2014-09-13 22:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User-\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 22:29 - 2014-09-13 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-13 22:29 - 2014-09-13 22:29 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-13 22:28 - 2014-09-13 22:28 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-13 22:28 - 2014-09-13 22:28 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-13 22:28 - 2014-09-13 22:28 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-13 22:28 - 2014-09-13 22:28 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 22:28 - 2013-06-22 18:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-13 22:24 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-13 22:20 - 2013-11-14 15:24 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-13 19:14 - 2014-09-13 19:14 - 00295072 _____ () C:\WINDOWS\Minidump\091314-41937-01.dmp
2014-09-13 19:14 - 2013-12-26 17:59 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-13 19:13 - 2013-02-10 00:53 - 653742902 _____ () C:\WINDOWS\MEMORY.DMP
2014-09-13 18:29 - 2014-09-13 18:29 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-13 18:29 - 2013-09-12 17:29 - 00000000 ____D () C:\ProgramData\Origin
2014-09-13 18:07 - 2013-01-12 10:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-13 16:21 - 2012-12-31 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-09-13 16:18 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-13 16:01 - 2012-12-31 18:41 - 00000000 ____D () C:\Users\User-\AppData\Roaming\EQATEC Analytics
2014-09-13 16:01 - 2012-10-30 19:58 - 00000000 ____D () C:\ProgramData\Temp
2014-09-13 11:29 - 2014-08-31 15:19 - 00000000 ____D () C:\Users\User-\AppData\Roaming\Skype
2014-09-12 21:01 - 2014-09-12 21:01 - 00056728 _____ () C:\Users\User-\Downloads\[kickass.to]cashback.2006.bdrip.xvid.war.torrent
2014-09-12 20:51 - 2014-09-12 20:23 - 87481100 _____ () C:\Users\User-\Downloads\SC-T-741874-V5.rar
2014-09-12 19:33 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-11 15:29 - 2014-06-12 22:23 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 15:29 - 2014-06-12 22:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 15:29 - 2014-06-12 22:16 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 15:29 - 2014-06-12 22:16 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 15:29 - 2014-06-12 22:16 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 15:29 - 2014-06-12 22:16 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 15:29 - 2014-06-12 22:16 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 15:29 - 2014-06-12 22:16 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 15:29 - 2014-06-12 22:16 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 15:29 - 2014-06-12 22:16 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 15:29 - 2014-06-12 22:16 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 15:29 - 2014-06-12 22:16 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 15:29 - 2014-06-12 22:16 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 15:29 - 2014-06-12 22:16 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 15:29 - 2014-05-09 20:36 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 15:29 - 2014-05-09 20:36 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 15:09 - 2014-09-11 14:42 - 82273254 _____ () C:\Users\User-\Downloads\SC-489741-TS-2.rar
2014-09-10 21:31 - 2014-09-10 21:31 - 00291328 _____ () C:\WINDOWS\Minidump\091014-36703-01.dmp
2014-09-10 21:03 - 2014-09-10 21:02 - 00291520 _____ () C:\WINDOWS\Minidump\091014-36671-01.dmp
2014-09-10 20:00 - 2013-07-20 22:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 19:53 - 2012-12-31 23:05 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 19:36 - 2014-09-10 19:36 - 00287664 _____ () C:\WINDOWS\Minidump\091014-30640-01.dmp
2014-09-10 17:17 - 2013-02-26 17:39 - 00513536 ___SH () C:\Users\User-\Desktop\Thumbs.db
2014-09-10 17:10 - 2014-09-10 17:00 - 28378489 _____ () C:\Users\User-\Downloads\SC-TS-41874-V4.rar
2014-09-09 21:43 - 2014-09-09 21:42 - 00293288 _____ () C:\WINDOWS\Minidump\090914-34656-01.dmp
2014-09-08 16:18 - 2014-09-08 16:17 - 00292240 _____ () C:\WINDOWS\Minidump\090814-29625-01.dmp
2014-09-08 14:38 - 2013-08-22 22:46 - 00349475 _____ () C:\WINDOWS\setupact.log
2014-09-07 20:52 - 2014-09-07 20:52 - 00000851 _____ () C:\Users\Public\Desktop\The SIMS 4 Deluxe Edition.lnk
2014-09-07 20:52 - 2014-09-07 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-07 16:22 - 2014-09-07 16:21 - 00293480 _____ () C:\WINDOWS\Minidump\090714-35140-01.dmp
2014-09-07 16:02 - 2014-09-07 16:02 - 00000000 ____D () C:\Users\User-\Documents\Electronic Arts
2014-09-07 15:57 - 2014-09-07 15:48 - 28075703 _____ () C:\Users\User-\Downloads\SC-TS-41974-V-3.rar
2014-09-07 15:29 - 2013-12-20 22:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 13:23 - 2012-10-30 19:50 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-09-06 16:11 - 2014-04-04 22:10 - 00000000 ____D () C:\Users\User-\Documents\FIFA 14
2014-09-04 21:44 - 2013-11-21 18:53 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-09-03 22:25 - 2014-09-03 22:25 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-03 22:25 - 2014-09-03 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-03 22:25 - 2014-09-03 22:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-03 22:25 - 2014-09-03 22:24 - 00000000 ____D () C:\Program Files\iTunes
2014-09-03 22:25 - 2014-09-03 22:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-03 22:24 - 2014-09-03 22:24 - 00000000 ____D () C:\Program Files\iPod
2014-09-03 22:20 - 2012-12-31 19:07 - 00000000 ____D () C:\ProgramData\Apple
2014-09-03 21:43 - 2014-09-03 21:43 - 00292424 _____ () C:\WINDOWS\Minidump\090314-30203-01.dmp
2014-09-03 18:24 - 2014-09-07 16:17 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2014-09-03 04:06 - 2014-07-16 21:41 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-03 04:06 - 2013-08-22 23:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-01 22:29 - 2014-09-01 22:29 - 00292520 _____ () C:\WINDOWS\Minidump\090114-29468-01.dmp
2014-09-01 14:04 - 2014-09-01 14:04 - 00294544 _____ () C:\WINDOWS\Minidump\090114-37640-01.dmp
2014-08-31 15:19 - 2014-08-31 15:19 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-31 15:19 - 2014-08-31 15:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-31 15:19 - 2014-08-31 15:19 - 00000000 ____D () C:\Users\User-\AppData\Local\Skype
2014-08-31 15:19 - 2014-08-31 15:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-31 15:19 - 2014-08-31 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-31 15:12 - 2014-08-31 15:12 - 00000000 ____D () C:\ProgramData\GRETECH
2014-08-31 15:12 - 2012-12-31 19:19 - 00001227 _____ () C:\Users\User-\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2014-08-31 15:12 - 2012-12-31 19:19 - 00001203 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2014-08-31 12:00 - 2014-08-31 12:00 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-31 12:00 - 2014-08-31 12:00 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-31 12:00 - 2014-08-31 12:00 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-31 12:00 - 2014-08-31 12:00 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-08-31 11:49 - 2013-06-16 14:56 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-08-31 01:37 - 2014-04-26 01:19 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2014-08-31 01:36 - 2014-08-31 01:36 - 00295208 _____ () C:\WINDOWS\Minidump\083114-38234-01.dmp
2014-08-30 14:36 - 2014-04-27 21:53 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-08-29 14:08 - 2014-08-29 14:08 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-08-29 14:07 - 2014-08-29 14:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-28 18:46 - 2013-06-01 18:16 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-28 18:46 - 2013-06-01 18:16 - 00001984 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-28 18:45 - 2014-08-28 18:45 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-28 18:45 - 2014-08-28 18:45 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-28 18:45 - 2014-01-17 12:40 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-08-28 18:45 - 2013-06-01 18:16 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-28 18:45 - 2013-06-01 18:16 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-28 18:45 - 2013-06-01 18:16 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-28 18:45 - 2013-06-01 18:16 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-08-28 18:45 - 2013-06-01 18:16 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-28 18:45 - 2013-06-01 18:16 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-28 18:34 - 2013-08-22 22:44 - 00501072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 18:32 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-28 18:32 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-28 18:32 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-28 18:32 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-28 18:26 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-27 23:38 - 2013-06-01 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-27 22:50 - 2013-08-22 23:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-08-27 22:50 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-08-27 22:49 - 2014-06-20 18:48 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-08-27 22:49 - 2014-04-06 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-27 22:49 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SystemResources
2014-08-27 22:49 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\Globalization
2014-08-27 22:49 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-27 22:49 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-08-27 22:49 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-08-27 22:49 - 2013-01-02 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-08-27 22:49 - 2013-01-02 23:16 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-08-27 22:49 - 2012-10-30 19:52 - 00000000 ____D () C:\ProgramData\Atheros
2014-08-27 22:38 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\registration
2014-08-27 22:30 - 2013-03-13 18:24 - 00000000 __RHD () C:\MSOCache
2014-08-23 08:42 - 2014-08-28 15:24 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-21 20:48 - 2014-08-21 20:47 - 00000000 ____D () C:\Users\User-\Desktop\That Awkward Moment (2014)
2014-08-21 18:44 - 2013-01-11 21:51 - 00141312 ___SH () C:\Users\User-\Downloads\Thumbs.db
2014-08-21 18:10 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-17 16:33 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-16 20:19 - 2013-02-28 22:50 - 00001067 _____ () C:\Users\User-\Desktop\Dropbox.lnk
2014-08-16 20:19 - 2013-02-28 22:41 - 00000000 ____D () C:\Users\User-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-16 10:40 - 2014-09-11 15:28 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-16 10:04 - 2014-09-11 15:28 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-16 10:00 - 2014-09-11 15:28 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-16 10:00 - 2014-09-11 15:28 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-16 09:56 - 2014-09-11 15:28 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-16 09:54 - 2014-09-11 15:28 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-16 09:45 - 2014-09-11 15:28 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-16 09:43 - 2014-09-11 15:28 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-16 09:32 - 2014-09-11 15:28 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-16 09:25 - 2014-09-11 15:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-16 09:22 - 2014-09-11 15:28 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-16 09:20 - 2014-09-11 15:28 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-16 09:19 - 2014-09-11 15:28 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-16 09:18 - 2014-09-11 15:28 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-16 09:18 - 2014-09-11 15:28 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-16 09:11 - 2014-09-11 15:28 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-16 09:06 - 2014-09-11 15:28 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-16 09:05 - 2014-09-11 15:28 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-16 09:05 - 2014-09-11 15:28 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-16 09:03 - 2014-09-11 15:28 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-16 09:03 - 2014-09-11 15:28 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-16 08:58 - 2014-09-11 15:28 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 08:56 - 2014-09-11 15:28 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-16 08:53 - 2014-09-11 15:28 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-16 08:53 - 2014-09-11 15:28 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-16 08:53 - 2014-09-11 15:28 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-16 08:51 - 2014-09-11 15:28 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-16 08:45 - 2014-09-11 15:28 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-16 08:44 - 2014-09-11 15:28 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-16 08:44 - 2014-09-11 15:28 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-16 08:34 - 2014-09-11 15:28 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-16 08:20 - 2014-09-11 15:28 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-16 08:18 - 2014-09-11 15:28 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-16 08:14 - 2014-09-11 15:28 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-16 08:12 - 2014-09-11 15:28 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\Users\User-\jagex_cl_loginapplet_LIVE.dat
C:\Users\User-\jagex_cl_runescape_LIVE.dat
C:\Users\User-\jagex_cl_runescape_LIVE1.dat
C:\Users\User-\random.dat
 
 
Some content of TEMP:
====================
C:\Users\User-\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbkbm7.dll
C:\Users\User-\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User-\AppData\Local\Temp\Uninstall.exe
C:\Users\User-\AppData\Local\Temp\utt71B9.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-13 21:58
 
==================== End Of Log ============================

 




 


#2 aharonov

  • Malware Response Team
Posted 13 September 2014 - 11:48 AM

Hi,

"most probably from my torrent of the sims 4"

That's correct.

Does this fix it?


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 han_ger05

  • Topic Starter
Posted 14 September 2014 - 10:38 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by User- at 2014-09-14 23:22:19 Run:1
Running from C:\Users\User-\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\...\Run: [BackgroundContainerV2] => "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\User-\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
SearchScopes: HKCU - {D5E4F77E-9E8A-4ACD-997A-53673CB69091} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainerV2 => value deleted successfully.
HKU\S-1-5-21-3625607165-2013681658-839687094-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D5E4F77E-9E8A-4ACD-997A-53673CB69091}" => Key deleted successfully.
"HKCR\CLSID\{D5E4F77E-9E8A-4ACD-997A-53673CB69091}" => Key not found.
EmptyTemp: => Removed 5.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
I see it also fixed a few others. Thanks a lot :). But my sister's laptop has the same Sims files as I do but hasn't shown any symptoms yet. Should I do the same scan and post it up here? Sorry for the inconvenience caused.


#4 aharonov

  • Malware Response Team
Posted 14 September 2014 - 11:13 AM

Yes, you can run a FRST scan on your sister's laptop too and post the logs here.

#5 han_ger05

  • Topic Starter
Posted 15 September 2014 - 09:07 AM

Okay, these are the results, but there was an error at the beginning of the scan; I accidentally clicked no. Hopefully it didn't affect the scan.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by user (administrator) on ASUS on 15-09-2014 21:59:15
Running from C:\Users\user\Desktop
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.16.exe
(Microsoft Corporation) D:\b3918508d070509d9749e387\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5292664 2012-09-24] (VIA)
HKLM\...\Run: [VIAAUD] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe [2538616 2012-09-24] (VIA)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-11] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-11] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-25] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-25] (CyberLink Corp.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-09-12] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1884015275-1701219970-192206400-1001\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-07] (Google Inc.)
HKU\S-1-5-21-1884015275-1701219970-192206400-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-10] (Google Inc.)
HKU\S-1-5-21-1884015275-1701219970-192206400-1001\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1884015275-1701219970-192206400-1001\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.)
HKU\S-1-5-21-1884015275-1701219970-192206400-1001\...\MountPoints2: {f3c2c12d-39d5-11e2-be79-50465d36fb0e} - "E:\AutoRun.exe" 
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={056C24AE-563A-460B-9A0B-A011FE390E36}&mid=53807a5f464247d09d3f810f1bd212fd-f4535ab6ffb0a7e4995eab740f4a487f5855d410&lang=en&ds=gm011&pr=sa&d=2012-12-28 00:12:23&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{87248A4F-91E9-449B-89A0-168A572D9EC3}: [NameServer] 8.8.4.4,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ze6532h.default
FF NewTab: hxxp://feed.snapdo.com/?publisher=DownloadYB&dpid=DownloadYB&co=AU&userid=f9e11201-1222-42ca-8d63-9b3074e22052&searchtype=nt&installDate={installDate}&q=
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.snapdo.com/?publisher=DownloadYB&dpid=DownloadYB&co=AU&userid=f9e11201-1222-42ca-8d63-9b3074e22052&searchtype=hp&installDate={installDate}
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=DownloadYB&dpid=DownloadYB&co=AU&userid=f9e11201-1222-42ca-8d63-9b3074e22052&searchtype=ds&installDate={installDate}&q=
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ze6532h.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ze6532h.default\Extensions\staged [2013-10-30]
FF Extension: uTorrentControl_v2  - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ze6532h.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2012-12-01]
FF Extension: DVDVideoSoftTB  - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2ze6532h.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012-12-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-02-16]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-10-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.hotmail.com/
CHR StartupUrls: Default -> "hxxp://yahoo.com/", "hxxp://feed.snapdo.com/?publisher=DownloadYB&dpid=DownloadYB&co=AU&userid=f9e11201-1222-42ca-8d63-9b3074e22052&searchtype=hp&installDate={installDate}"
CHR DefaultSearchKeyword: Default -> 2E83168F5762CCEB75B1ED4BED038FC8E967FDE1807EA6658C291C4B109CAE58
CHR DefaultSearchURL: Default -> 07F7C21395E8712C0D9FFDFAEFF298D461BEACC3C76680DC5E999BE5E7514080
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-22]
CHR Extension: (Chevron ) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnaoilkhcefkpnnmnepmlfhomikoala [2014-01-22]
CHR Extension: (Read Later Fast) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2014-02-09]
CHR Extension: (Mahjongg) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-01-22]
CHR Extension: (uTorrentControl_v2) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2014-01-22]
CHR Extension: (Web Lab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2014-01-22]
CHR Extension: (Digital Clock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2014-01-22]
CHR Extension: (Don't Starve) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2014-01-22]
CHR Extension: (Crackle) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-01-22]
CHR Extension: (Arcane Legends) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2014-01-22]
CHR Extension: (Murder Files) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-01-22]
CHR Extension: (DVDVideoSoft) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Dilandau) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\peacmkenjjcaifjckopphcofncigpnlp [2014-01-22]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\user\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-20]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-10-24]
CHR HKCU\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\user\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\user\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-20]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2012-11-20]
CHR HKLM-x32\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\user\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2012-11-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-11] (Qualcomm Atheros Commnucations)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [36224 2012-07-30] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-31] (Diskeeper Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-09-14] (VIA Technologies, Inc.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-11] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-11-01] (ASUS Corporation)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-06-23] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-31] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-31] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [40712 2012-11-02] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 21:59 - 2014-09-15 22:00 - 00029466 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-15 21:57 - 2014-09-15 21:59 - 00000000 ____D () C:\FRST
2014-09-15 21:56 - 2014-09-14 00:13 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-14 14:40 - 2014-09-14 14:40 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 15:55 - 2014-09-13 15:55 - 00000000 ____D () C:\Users\user\Documents\Electronic Arts
2014-09-13 15:52 - 2014-09-13 15:52 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-13 15:49 - 2014-09-13 15:49 - 00001404 _____ () C:\Users\user\Desktop\Origin - Shortcut.lnk
2014-09-13 15:36 - 2014-09-15 21:56 - 00001635 _____ () C:\WINDOWS\setupact.log
2014-09-13 15:36 - 2014-09-13 15:36 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-13 15:32 - 2014-09-13 15:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\Origin
2014-09-13 15:32 - 2014-09-13 15:52 - 00000000 ____D () C:\Users\user\AppData\Local\Origin
2014-09-13 15:32 - 2014-09-13 15:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-13 15:24 - 2014-09-13 15:53 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-13 15:24 - 2014-09-13 15:52 - 00000000 ____D () C:\ProgramData\Origin
2014-09-13 15:24 - 2014-09-13 15:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-13 15:09 - 2014-09-13 15:09 - 00002066 _____ () C:\Users\Public\Desktop\The SIMS 4 Deluxe Edition.lnk
2014-09-13 15:09 - 2014-09-13 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-13 15:02 - 2014-09-13 15:09 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-12 19:22 - 2014-09-12 19:22 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-09-12 19:22 - 2014-09-12 19:22 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-09-05 19:45 - 2014-09-05 19:45 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-09-05 19:44 - 2014-09-05 19:44 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 22:00 - 2014-09-15 21:59 - 00029466 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-15 22:00 - 2013-11-14 16:00 - 01453054 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-15 22:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-15 22:00 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-15 21:59 - 2014-09-15 21:57 - 00000000 ____D () C:\FRST
2014-09-15 21:56 - 2014-09-13 15:36 - 00001635 _____ () C:\WINDOWS\setupact.log
2014-09-15 21:55 - 2012-12-01 08:19 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{45A9E3CB-82D1-4EB9-A2B9-91E552A0AC37}
2014-09-15 21:52 - 2013-08-17 19:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-14 18:34 - 2012-11-07 03:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1884015275-1701219970-192206400-1001
2014-09-14 18:10 - 2012-11-07 04:00 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1884015275-1701219970-192206400-1001UA.job
2014-09-14 17:51 - 2013-01-19 18:59 - 00000382 _____ () C:\WINDOWS\Tasks\WpsUpdateTask_user.job
2014-09-14 17:36 - 2012-11-14 01:36 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 14:40 - 2014-09-14 14:40 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 14:40 - 2014-09-14 14:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-14 00:13 - 2014-09-15 21:56 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-13 17:27 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-13 15:55 - 2014-09-13 15:55 - 00000000 ____D () C:\Users\user\Documents\Electronic Arts
2014-09-13 15:53 - 2014-09-13 15:24 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-13 15:52 - 2014-09-13 15:52 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-13 15:52 - 2014-09-13 15:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Origin
2014-09-13 15:52 - 2014-09-13 15:32 - 00000000 ____D () C:\Users\user\AppData\Local\Origin
2014-09-13 15:52 - 2014-09-13 15:24 - 00000000 ____D () C:\ProgramData\Origin
2014-09-13 15:51 - 2014-09-13 15:24 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-13 15:49 - 2014-09-13 15:49 - 00001404 _____ () C:\Users\user\Desktop\Origin - Shortcut.lnk
2014-09-13 15:36 - 2014-09-13 15:36 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-13 15:32 - 2014-09-13 15:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-13 15:09 - 2014-09-13 15:09 - 00002066 _____ () C:\Users\Public\Desktop\The SIMS 4 Deluxe Edition.lnk
2014-09-13 15:09 - 2014-09-13 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-13 15:09 - 2014-09-13 15:02 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-13 15:01 - 2013-09-30 12:10 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-13 15:00 - 2012-12-01 10:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-09-12 20:26 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-12 20:14 - 2012-11-07 04:02 - 00002377 _____ () C:\Users\user\Desktop\Google Chrome.lnk
2014-09-12 19:58 - 2014-05-08 18:49 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-09-12 19:58 - 2012-12-28 00:12 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-09-12 19:22 - 2014-09-12 19:22 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-09-12 19:22 - 2014-09-12 19:22 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-09-12 19:21 - 2012-11-07 03:59 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-09-05 19:45 - 2014-09-05 19:45 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-09-05 19:44 - 2014-09-05 19:44 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-29 13:01 - 2012-12-18 12:37 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
 
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-05 20:31
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by user at 2014-09-15 22:02:47
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.143.61629 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.3.143.61629 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.5 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.8 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.31.1111 - Foxit Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1707 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.1707 - CyberLink Corp.) Hidden
DJ ToneXpress v4.7.5 (HKLM-x32\...\{FF012176-7DCC-D99F-9A13-67B9D5396B74}) (Version: 4.7.5.950 - DJ Tones, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DTS+AC3 Filter (HKLM-x32\...\DtsFilter) (Version:  - )
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
Free YouTube to MP3 Converter version 3.12.14.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.14.1022 - DVDVideoSoft Ltd.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.56.5183 - Gretech Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.390 - Oracle)
Kingsoft Office 2012 (8.1.0.3375) (HKLM-x32\...\Kingsoft Office) (Version: 8.1.0.3375 - Kingsoft Corp.)
LIMBO (HKLM-x32\...\LIMBO) (Version:  - )
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 15.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 15.0 (x86 en-US)) (Version: 15.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 15.0 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.5.2 - Splashtop Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
The SIMS 4 Deluxe Edition (HKLM-x32\...\The SIMS 4 Deluxe Edition_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.90 - TuneUp Software)
uTorrentControl_v2 Toolbar (HKLM-x32\...\uTorrentControl_v2 Toolbar) (Version: 6.9.0.16 - uTorrentControl_v2) <==== ATTENTION
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1884015275-1701219970-192206400-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1884015275-1701219970-192206400-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1884015275-1701219970-192206400-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1884015275-1701219970-192206400-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1884015275-1701219970-192206400-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1884015275-1701219970-192206400-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1884015275-1701219970-192206400-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1884015275-1701219970-192206400-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1884015275-1701219970-192206400-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
12-09-2014 12:23:39 Scheduled Checkpoint
13-09-2014 07:38:52 tokidoki
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0148C92C-112F-4F8E-A5FA-D93C520A83BC} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1DAC29FA-5763-4D27-A8EC-368E9D084CDC} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {20609742-5638-4509-B1EB-B56CAFC2117D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-25] (ASUSTek Computer Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {252730E9-1189-4518-A1F1-D5EA64983045} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2B0B10E6-8256-4621-AADA-BA9F8FED92EC} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2FDE60FC-585B-42AD-8932-8A4CC1C5FE48} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-07] (ASUS)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6027E182-4938-4FDD-8407-85BE1552256E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {61C950E6-5B14-4EED-8ECA-AA123D6831D7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6EEDBD37-BCC3-4536-A091-0AD651C9D680} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {6FFACCC6-8C6D-41C9-A8E9-D328F3658AF2} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7466D799-AA27-42FD-81DC-15C6860B88AD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BB1D22C-1BF2-476A-926A-F3AE6B659E80} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {7FAD2EDB-509C-40AC-8E4D-7135CC644D01} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1884015275-1701219970-192206400-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9C5C0ED1-75CA-4663-84C7-5A9195A38129} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-21] (Piriform Ltd)
Task: {9DBF9D5E-7E95-46D7-976D-01749E633A39} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A854C57E-30C1-4795-AB6B-0BD1FC5909B6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{415FD588-64A0-4389-BA96-2D73671630B8}.exe
Task: {B3581747-7684-48C2-8A6A-62AC6001343A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13] (Google Inc.)
Task: {CDCC1E4D-E24C-43F9-9B7D-9BA6AD0E42C7} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-06-23] (Microsoft Corporation)
Task: {CF5AEB3C-6E75-4619-97CD-56E71BA84F96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DDC7A657-CF35-450B-B0B6-884293D85131} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1884015275-1701219970-192206400-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E73A8AE7-6865-4D45-87C9-2820BA293A63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13] (Google Inc.)
Task: {F321DBDF-F567-4896-A81C-1524CB0C4617} - System32\Tasks\WpsUpdateTask_user => C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2013-06-06] (Kingsoft Corp. Ltd.)
Task: {F56C5342-8192-4D49-9CF1-0C6ADB26DB90} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{415FD588-64A0-4389-BA96-2D73671630B8}.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1884015275-1701219970-192206400-1001Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1884015275-1701219970-192206400-1001UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_user.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-28 18:12 - 2012-07-30 19:26 - 00029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-12-01 23:51 - 2012-11-12 00:38 - 00091648 _____ () C:\Program Files (x86)\MediaMonkey\DeskPlayer.dll
2012-10-19 08:19 - 2012-09-24 09:58 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-10-19 08:19 - 2012-09-24 09:58 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-08-11 09:28 - 2012-08-11 09:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-08-12 20:57 - 2014-08-12 20:56 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2012-12-28 00:12 - 2014-09-12 19:58 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2012-10-19 08:14 - 2012-06-26 01:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-08-25 08:17 - 2012-08-25 08:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2014-08-12 20:57 - 2014-08-12 20:56 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-09-13 15:31 - 2014-09-13 15:31 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-09-13 15:30 - 2014-09-13 15:30 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-09-13 15:30 - 2014-09-13 15:30 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-09-13 15:30 - 2014-09-13 15:30 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-09-13 15:30 - 2014-09-13 15:30 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-09-13 15:30 - 2014-09-13 15:30 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-09-13 15:30 - 2014-09-13 15:30 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-09-13 15:30 - 2014-09-13 15:30 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-12 20:14 - 2014-09-04 11:01 - 01098056 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 20:14 - 2014-09-04 11:01 - 00174408 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 20:14 - 2014-09-04 11:01 - 08577864 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 20:14 - 2014-09-04 11:01 - 00331592 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 20:14 - 2014-09-04 11:01 - 01660232 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-12 20:14 - 2014-09-04 11:01 - 14891848 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\user\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "Google Update"
HKCU\...\StartupApproved\Run: => "swg"
HKCU\...\StartupApproved\Run: => "Skype"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2014 09:51:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 98228640
 
Error: (09/15/2014 09:51:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 98228640
 
Error: (09/15/2014 09:51:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/15/2014 09:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 98227469
 
Error: (09/15/2014 09:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 98227469
 
Error: (09/15/2014 09:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2014 06:34:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125
 
Error: (09/14/2014 06:34:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125
 
Error: (09/14/2014 06:34:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2014 01:23:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 65742672
 
 
System errors:
=============
Error: (09/13/2014 04:39:45 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.100 with the system
having network hardware address A8-44-81-F5-C7-70. Network operations on this system may
be disrupted as a result.
 
Error: (08/12/2014 09:05:56 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 74-E5-43-41-18-4A. Network operations on this system may
be disrupted as a result.
 
Error: (07/24/2014 04:42:17 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.100 with the system
having network hardware address 50-7E-5D-17-C7-1C. Network operations on this system may
be disrupted as a result.
 
Error: (07/24/2014 04:41:18 PM) (Source: DCOM) (EventID: 10001) (User: ASUS)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:microsoft.onenoteim.AppXm6fgyxg551ans5s3xmezr3h6w655wb0r.mca31microsoft.onenoteim.AppXz97txms671kxkms1js0am360cp52b5qq.mcaUnavailableUnavailable
 
Error: (07/10/2014 04:44:31 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (06/27/2014 01:02:26 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (06/26/2014 10:05:48 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80080005
 
Error: (06/26/2014 10:05:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (06/26/2014 10:04:20 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.
 
Error: (06/26/2014 10:04:18 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.
 
 
Microsoft Office Sessions:
=========================
Error: (09/15/2014 09:51:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 98228640
 
Error: (09/15/2014 09:51:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 98228640
 
Error: (09/15/2014 09:51:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/15/2014 09:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 98227469
 
Error: (09/15/2014 09:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 98227469
 
Error: (09/15/2014 09:51:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2014 06:34:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125
 
Error: (09/14/2014 06:34:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125
 
Error: (09/14/2014 06:34:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2014 01:23:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 65742672
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-01 17:26:23.681
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-03-01 17:26:23.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 69%
Total physical RAM: 3981.6 MB
Available physical RAM: 1223.11 MB
Total Pagefile: 6300.57 MB
Available Pagefile: 2619.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:133.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:188.94 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CDFAD22C)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 2A64CF55)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)
 
==================== End Of Log ============================
 
 
Thanks again


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 15 September 2014 - 09:09 AM

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


#7 han_ger05

han_ger05
  • Topic Starter

  • Members
  • 5 posts

Posted 15 September 2014 - 09:50 AM

Hi, uhm, I noticed that it wanted to clean some programs that seem to me like they're required, such as the Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application DptfParticipantProcessor and Dptfpolicylymservice. Should I clean everything or uncheck the boxes with programs wanted, as this is my laptop?



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 15 September 2014 - 09:56 AM

It's possible that there are false positive detections.
Uncheck these boxes before running the clean routine.

#9 han_ger05

han_ger05
  • Topic Starter

  • Members
  • 5 posts

Posted 16 September 2014 - 09:20 AM

Hi, it seems my sister doesn't want to make any changes at the moment, but thanks again for your help.



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 19 September 2014 - 03:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



