
Explorer Hijacked; seems like its being monitored?


  • This topic is locked
49 replies to this topic

#1 gothijacked?

gothijacked?

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Location:Houston
  • Local time:11:15 AM

Posted 02 October 2014 - 06:21 PM

When I click on IE to start a browsing session, IE hangs as if it is being redirected for monitoring or something. It will partially load a page eventually but the complete page load is delayed as if it checks in to a remote computer before totally loading up. I am running a download speed according to Speedtest of around 75 MBPS. I have run SpyHunter, RegHunter, Malwarebytes, and ESET; still the issue of delayed load. This also is evident in PDF loading that hangs and will sometimes not proceed to completion for a while...several minutes. I have cleared the cache, I ran SFC and checked the start-up folder. This issue just cropped up a week or so ago. Thank you for any help.

Attached File: attach.txt (104.03KB)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.67.2
Run by ASUS1 at 18:01:07 on 2014-10-02
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.16330.12552 [GMT -5:00]
.
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\SOS Online Backup\SUpdateNotifier.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Users\ASUS1\AppData\Local\Autobahn\nexdef.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
uRunOnce: [Application Restart #0] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0 --mode=LBS --helperBridgeName={B895AC12-9652-42A5-99BF-01F7838CE7EA} --lbsWorkflowID={284AEAF8-5C54-4A53-9748-9CEAB2230D10} --aamHelperPipeName="{B895AC12-9652-42A5-99BF-01F7838CE7EA}" --accPipeName="{2AACDCFA-89D1-4158-AF0D-0CC6D3CF0CFC}" --acccUpdated="true" --mode="update" --selfDelete="C:\Users\ASUS1\AppData\Local\Temp\CreativeCloudSet-Up.exe" --shouldLaunchACC="false" --workflowId="{284AEAF8-5C54-4A53-9748-9CEAB2230D10}"  /RestartByRestartManager:912735A2-4387-4e3d-9AF5-C175CDB284E8
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SOSUAUI] "C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe" -showui
mRun: [SMessaging] "C:\Program Files (x86)\SOS Online Backup\SMessaging.exe"
mRun: [AccountCreatorRunner] "C:\Program Files (x86)\SOS Online Backup\AccountCreatorRunner.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ASUS1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\ASUS1\AppData\Local\Autobahn\nexdef.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\UltraMon.lnk - C:\WINDOWS\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{C4870C8B-5507-46DE-BF24-DE13CAFD20F8} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\WINDOWS\System32\Drivers\amd_sata.sys [2013-5-15 80552]
R0 amd_xata;amd_xata;C:\WINDOWS\System32\Drivers\amd_xata.sys [2013-5-15 26280]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2013-5-2 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-22 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-5-15 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-5-15 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-5-15 149120]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [2012-12-19 72192]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-20 2428088]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-1-23 1858048]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-28 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-28 860472]
R2 sagentservice;Offsite Online Backup Service;C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe [2014-7-16 44552]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2014-1-9 1025920]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2012-8-24 20512]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW86.sys [2014-4-14 94208]
R3 AU8168;AU 8168 NT Driver;C:\WINDOWS\System32\Drivers\au630x64.sys [2013-9-23 792648]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 15920]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2014-8-28 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\Drivers\mwac.sys [2014-8-28 64216]
R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\Drivers\usbfilter.sys [2014-4-14 58536]
S3 ahcix64s;ahcix64s;C:\WINDOWS\System32\Drivers\ahcix64s.sys [2013-5-15 298304]
S3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2013-5-15 760032]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S4 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [2014-8-28 122584]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-09-30 19:54:21 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{796F4857-9F22-4C98-A14D-FDC8232C4345}\offreg.dll
2014-09-30 12:59:38 262824 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10247.bin
2014-09-24 23:00:14 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-09-15 16:34:05 122584 ----a-w- C:\WINDOWS\System32\drivers\48230029.sys
2014-09-15 02:28:00 -------- d-----w- C:\AMD
2014-09-15 01:35:59 -------- d-sh--w- C:\Recovery
2014-09-10 21:59:12 98216 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2014-09-10 20:39:50 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{796F4857-9F22-4C98-A14D-FDC8232C4345}\mpengine.dll
2014-09-10 20:31:20 875688 ----a-w- C:\WINDOWS\SysWow64\msvcr120_clr0400.dll
2014-09-10 20:31:20 869544 ----a-w- C:\WINDOWS\System32\msvcr120_clr0400.dll
2014-09-10 20:27:45 144896 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2014-09-10 20:27:44 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe
2014-09-10 20:02:20 -------- d-----w- C:\Program Files (x86)\Ruiware
2014-09-10 20:01:32 -------- d-----w- C:\ProgramData\Oracle
2014-09-07 19:31:57 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-09-07 19:20:08 71168 ----a-w- C:\WINDOWS\System32\drivers\hdaudbus.sys
2014-09-07 19:16:13 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2014-09-07 19:16:13 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2014-09-07 19:12:46 4036096 ----a-w- C:\WINDOWS\System32\win32k.sys
2014-09-07 19:12:45 1300992 ----a-w- C:\WINDOWS\System32\gdi32.dll
2014-09-07 19:12:45 1023488 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2014-09-07 19:12:44 596480 ----a-w- C:\WINDOWS\System32\qedit.dll
2014-09-07 19:12:44 497152 ----a-w- C:\WINDOWS\SysWow64\qedit.dll
2014-09-03 16:28:33 -------- d-----w- C:\WINDOWS\ERUNT
.
==================== Find3M  ====================
.
2014-10-02 22:28:46 122584 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-09-02 19:32:27 705480 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 06:05:35 35328 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\WINDOWS\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\WINDOWS\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\WINDOWS\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\WINDOWS\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\WINDOWS\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2014-08-16 09:34:19 2239488 ----a-w- C:\WINDOWS\System32\wininet.dll
2014-08-16 09:34:10 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\WINDOWS\System32\jscript9.dll
2014-08-16 09:32:05 1508864 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2014-08-16 07:37:20 1766400 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2014-07-31 23:40:32 1287680 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2014-07-10 17:10:18 45056 ----a-w- C:\WINDOWS\SysWow64\HSSICore.dll
2014-07-10 17:10:18 40960 ----a-w- C:\WINDOWS\SysWow64\HS_live.ocx
2014-07-10 17:10:18 184320 ----a-w- C:\WINDOWS\SysWow64\OESICore.dll
2014-07-10 17:10:02 98136 ----a-w- C:\WINDOWS\gzip.exe
.
============= FINISH: 18:01:35.97 ===============

#2 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:05:15 PM

Posted 07 October 2014 - 07:50 AM


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist


#3 gothijacked?

gothijacked?
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Location:Houston
  • Local time:11:15 AM

Posted 07 October 2014 - 12:11 PM

Naat,

Thank you very much for the help.

To repeat the issues, the computer will "hang" and proceed very slowly from the time I enter the address in the address bar on IE and eventually go to the site I request. It has recently begun this issue. My laptop responds very quickly and does not do this. Both are on the same home network. I ran the scans you requested and here are the logs.

robert


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by ASUS1 at 2014-10-07 11:54:21
Running from C:\Users\ASUS1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
AMD Accelerated Video Transcoding (Version: 12.10.100.30322 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD86C046-D5AB-954F-EBB7-592EB36BD196}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
ASUS Easy Update (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 2.00.30 - ASUSTeK Computer Inc)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 1.00.12 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM-x32\...\MAGIX_{E3185090-8796-46FB-A27F-6C844F106DAC}) (Version: 4.0.1.90 - MAGIX AG)
ASUS Video easy (Version: 4.0.1.90 - MAGIX AG) Hidden
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Homestead SiteBuilder (HKLM-x32\...\Homestead SiteBuilder) (Version:  - Homestead)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
RegHunter (HKLM\...\{F94A63D7-9A61-403B-8F6F-90B1BF77211A}) (Version: 1.3.3.1613 - Enigma Software Group USA, LLC)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SOS Online Backup (HKLM-x32\...\{751718DA-FC0A-41A3-AFA2-FD701119590A}) (Version: 5.14.0.91 - SOS Online Backup, Inc.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2727560164-433847042-2156822035-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ASUS1\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2727560164-433847042-2156822035-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ASUS1\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2727560164-433847042-2156822035-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ASUS1\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2727560164-433847042-2156822035-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ASUS1\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2727560164-433847042-2156822035-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ASUS1\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-10-2014 08:02:10 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A17CAC5-4D6A-4EC2-8135-4E5414838064} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)
Task: {0F4DA144-DD23-4AD5-99D8-091E8B2CAA6F} - System32\Tasks\Online Backup Update Notifier => C:\Program Files (x86)\SOS Online Backup\SUpdateNotifier.exe [2014-07-16] (SOS Online Backup)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1FC689F6-9335-41E5-9646-EEFB14B942C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {294F4419-A11C-4262-9B47-24E51F8E0E45} - System32\Tasks\ASUS\ASUS Easy Update => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2012-11-19] (ASUSTeK Computer Inc.)
Task: {43C25724-74B2-4AE1-AF36-2452EDA6445E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {4BF4E684-1C07-402F-8F24-62AD41D26AE0} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {530F2B22-7EFF-4270-929C-908F6EAA662C} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {832E3D07-CAD2-4FCA-B2D4-F3854C925D87} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ASUS-ASUS1 ASUS => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-26] (Microsoft Corporation)
Task: {9CC3ACC8-E8B6-4762-B22B-43D779043394} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE45EAF5-4848-4F28-A282-ACA4FDCF4D01} - System32\Tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com => C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe [2014-07-16] (SOS Online Backup)
Task: {AF6C8FB1-A99C-4D0A-AEA1-10A1BBAF769B} - System32\Tasks\AdobeAAMUpdater-1.0-ASUS-ASUS1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D04E3A6F-8E30-4D7B-B57C-3108A95FE5AF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {D254A978-07F3-41AE-B459-AC9BBEE0EA06} - System32\Tasks\ASUS\ASUS Launcher Helper => C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [2013-04-23] (Microsoft)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Online Backup Update Notifier.job => C:\Program Files (x86)\SOS Online Backup\SUpdateNotifier.exe
Task: C:\WINDOWS\Tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job => C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe

==================== Loaded Modules (whitelisted) =============

2014-04-18 15:43 - 2013-10-23 17:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-08-27 16:24 - 2014-09-26 04:31 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-05-15 15:07 - 2013-04-17 18:08 - 00855040 _____ () C:\Windows\AsusLauncherContextMenu64.dll
2013-05-15 15:01 - 2013-03-14 02:33 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-12-19 01:10 - 2012-12-19 01:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-04-20 23:17 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-16 11:14 - 2014-07-16 11:14 - 00039944 _____ () C:\Program Files (x86)\SOS Online Backup\SOS.Utils.Rc.dll
2014-07-16 11:14 - 2014-07-16 11:14 - 00021512 _____ () C:\Program Files (x86)\SOS Online Backup\SOS.Contracts.RemoteControl.dll
2014-07-16 11:14 - 2014-07-16 11:14 - 00036872 _____ () C:\Program Files (x86)\SOS Online Backup\SOS.SharedEverywhere.dll
2014-07-16 11:14 - 2014-07-16 11:14 - 00037896 _____ () C:\Program Files (x86)\SOS Online Backup\SOS.Contracts.CentralManagement.dll
2014-07-16 11:14 - 2014-07-16 11:14 - 00138248 _____ () C:\Program Files (x86)\SOS Online Backup\xdelta_x64.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 15500800 _____ () C:\Users\ASUS1\AppData\Local\Autobahn\nexdef.exe
2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-03-22 07:24 - 2013-03-22 07:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-05-15 15:01 - 2014-10-03 10:20 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-05-15 15:01 - 2010-06-28 21:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00020480 _____ () C:\Users\ASUS1\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00069632 _____ () C:\Users\ASUS1\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00126976 _____ () C:\Users\ASUS1\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00159744 _____ () C:\Users\ASUS1\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2014-07-25 13:37 - 2014-07-03 06:45 - 32733056 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-07-25 13:37 - 2014-07-03 06:45 - 00742784 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-25 13:37 - 2014-07-03 06:45 - 00136576 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2727560164-433847042-2156822035-500 - Administrator - Disabled)
ASUS1 (S-1-5-21-2727560164-433847042-2156822035-1002 - Administrator - Enabled) => C:\Users\ASUS1
Guest (S-1-5-21-2727560164-433847042-2156822035-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2727560164-433847042-2156822035-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 11:54:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-09-13T16:54:39Z. Error Code: 0x80041316.

Error: (10/07/2014 11:54:09 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-09-13T16:54:09Z. Error Code: 0x80041316.

Error: (10/07/2014 11:53:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-09-13T16:53:39Z. Error Code: 0x80041316.

Error: (10/07/2014 11:53:09 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-09-13T16:53:09Z. Error Code: 0x80041316.

Error: (10/07/2014 11:52:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.9200.16579, time stamp: 0x51635d0c
Faulting module name: ESENT.dll, version: 6.2.9200.16557, time stamp: 0x5143e25e
Exception code: 0xc0000005
Fault offset: 0x0000000000107b53
Faulting process id: 0x272c
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
Faulting package full name: SearchIndexer.exe4
Faulting package-relative application ID: SearchIndexer.exe5

Error: (10/07/2014 11:52:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.9200.16579, time stamp: 0x51635d0c
Faulting module name: ESENT.dll, version: 6.2.9200.16557, time stamp: 0x5143e25e
Exception code: 0xc0000005
Fault offset: 0x0000000000107b53
Faulting process id: 0x18c4
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
Faulting package full name: SearchIndexer.exe4
Faulting package-relative application ID: SearchIndexer.exe5

Error: (10/07/2014 11:52:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.9200.16579, time stamp: 0x51635d0c
Faulting module name: ESENT.dll, version: 6.2.9200.16557, time stamp: 0x5143e25e
Exception code: 0xc0000005
Fault offset: 0x0000000000107b53
Faulting process id: 0x24a0
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
Faulting package full name: SearchIndexer.exe4
Faulting package-relative application ID: SearchIndexer.exe5

Error: (10/07/2014 11:52:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.9200.16579, time stamp: 0x51635d0c
Faulting module name: ESENT.dll, version: 6.2.9200.16557, time stamp: 0x5143e25e
Exception code: 0xc0000005
Fault offset: 0x0000000000107b53
Faulting process id: 0x22f4
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
Faulting package full name: SearchIndexer.exe4
Faulting package-relative application ID: SearchIndexer.exe5

Error: (10/07/2014 11:52:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-09-13T16:52:39Z. Error Code: 0x80041316.

Error: (10/07/2014 11:52:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.9200.16579, time stamp: 0x51635d0c
Faulting module name: ESENT.dll, version: 6.2.9200.16557, time stamp: 0x5143e25e
Exception code: 0xc0000005
Fault offset: 0x0000000000107b53
Faulting process id: 0x1c30
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
Faulting package full name: SearchIndexer.exe4
Faulting package-relative application ID: SearchIndexer.exe5

System errors:
=============
Error: (10/07/2014 11:52:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1003 time(s).

Error: (10/07/2014 11:52:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1002 time(s).

Error: (10/07/2014 11:52:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1001 time(s).

Error: (10/07/2014 11:52:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1000 time(s).

Error: (10/07/2014 11:52:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 999 time(s).

Error: (10/07/2014 11:50:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 998 time(s).

Error: (10/07/2014 11:49:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 997 time(s).

Error: (10/07/2014 11:44:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 996 time(s).

Error: (10/07/2014 11:34:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 995 time(s).

Error: (10/07/2014 11:34:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 994 time(s).

Microsoft Office Sessions:
=========================
Error: (10/07/2014 11:54:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-09-13T16:54:39Z

Error: (10/07/2014 11:54:09 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-09-13T16:54:09Z

Error: (10/07/2014 11:53:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-09-13T16:53:39Z

Error: (10/07/2014 11:53:09 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-09-13T16:53:09Z

Error: (10/07/2014 11:52:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.9200.1657951635d0cESENT.dll6.2.9200.165575143e25ec00000050000000000107b53272c01cfe24f1effb71fC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\ESENT.dll5cbd86d6-4e42-11e4-bedd-d850e6c120c7

Error: (10/07/2014 11:52:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.9200.1657951635d0cESENT.dll6.2.9200.165575143e25ec00000050000000000107b5318c401cfe24f1edcb7e9C:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\ESENT.dll5c97ec28-4e42-11e4-bedd-d850e6c120c7

Error: (10/07/2014 11:52:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.9200.1657951635d0cESENT.dll6.2.9200.165575143e25ec00000050000000000107b5324a001cfe24f1e5b5033C:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\ESENT.dll5c1b9e8d-4e42-11e4-bedd-d850e6c120c7

Error: (10/07/2014 11:52:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.9200.1657951635d0cESENT.dll6.2.9200.165575143e25ec00000050000000000107b5322f401cfe24f1d0a78d7C:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\ESENT.dll5ac7bc31-4e42-11e4-bedd-d850e6c120c7

Error: (10/07/2014 11:52:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-09-13T16:52:39Z

Error: (10/07/2014 11:52:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.9200.1657951635d0cESENT.dll6.2.9200.165575143e25ec00000050000000000107b531c3001cfe24f18e1c9c3C:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\ESENT.dll56e2a197-4e42-11e4-bedd-d850e6c120c7

CodeIntegrity Errors:
===================================
  Date: 2014-07-06 02:44:46.469
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\PROGRA~2\ACROSO~1\CUTEPD~1\CPWSave.exe with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-06-02 15:35:15.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\PROGRA~2\ACROSO~1\CUTEPD~1\CPWSave.exe with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-06-02 15:34:28.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\PROGRA~2\ACROSO~1\CUTEPD~1\CPWSave.exe with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-05-23 17:23:46.950
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\PROGRA~2\ACROSO~1\CUTEPD~1\CPWSave.exe with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-05-23 17:23:00.352
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\PROGRA~2\ACROSO~1\CUTEPD~1\CPWSave.exe with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-05-18 23:57:51.683
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\PROGRA~2\ACROSO~1\CUTEPD~1\CPWSave.exe with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-05-05 17:22:09.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\PROGRA~2\ACROSO~1\CUTEPD~1\CPWSave.exe with signing level Unsigned while the system requires signing level 6 or better to load.

==================== Memory info ===========================

Processor: AMD A10-6700 APU with Radeon™ HD Graphics
Percentage of memory in use: 20%
Total physical RAM: 16330.44 MB
Available physical RAM: 12926.81 MB
Total Pagefile: 18634.44 MB
Available Pagefile: 14720.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.56 GB) (Free:65.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:762.55 GB) (Free:762.35 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by ASUS1 (administrator) on ASUS on 07-10-2014 11:53:48
Running from C:\Users\ASUS1\Desktop
Loaded Profile: ASUS1 (Available profiles: ASUS1)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(SOS Online Backup) C:\Program Files (x86)\SOS Online Backup\SUpdateNotifier.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SOS Online Backup) C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
() C:\Users\ASUS1\AppData\Local\Autobahn\nexdef.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(SOS Online Backup) C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Farbar) C:\Users\ASUS1\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe [57864 2014-07-16] (SOS Online Backup)
HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\SOS Online Backup\SMessaging.exe [67592 2014-07-16] (SOS Online Backup)
HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\SOS Online Backup\AccountCreatorRunner.exe [22024 2014-07-16] (SOS Online Backup)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2727560164-433847042-2156822035-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-2727560164-433847042-2156822035-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-2727560164-433847042-2156822035-1002\...\Policies\Explorer: [NoSaveSettings] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\WINDOWS\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()
Startup: C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\ASUS1\AppData\Local\Autobahn\nexdef.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-29]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-21]
CHR Extension: (Google Drive) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (YouTube) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]
CHR Extension: (Google Search) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-21]
CHR Extension: (Gmail) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-14] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-14] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-03-14] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 sagentservice; C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe [44552 2014-07-16] (SOS Online Backup)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-08-22] (Enigma Software Group USA, LLC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-08-22] (Enigma Software Group USA, LLC.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 11:53 - 2014-10-07 11:54 - 00019082 _____ () C:\Users\ASUS1\Desktop\FRST.txt
2014-10-07 11:51 - 2014-10-07 11:52 - 02109952 _____ (Farbar) C:\Users\ASUS1\Desktop\FRST64 (1).exe
2014-10-03 10:36 - 2014-10-03 10:36 - 00000850 _____ () C:\Users\ASUS1\Downloads\CSV_download_10-03-2014.csv
2014-10-02 18:13 - 2014-10-02 18:17 - 00018586 _____ () C:\Users\ASUS1\Desktop\DDS.10.2.14.txt
2014-10-02 18:13 - 2014-10-02 18:13 - 00106522 _____ () C:\Users\ASUS1\Desktop\Attach.BC.10.2.14.txt
2014-10-02 18:01 - 2014-10-02 18:01 - 00106522 _____ () C:\Users\ASUS1\Desktop\attach.txt
2014-10-02 18:01 - 2014-10-02 18:01 - 00018586 _____ () C:\Users\ASUS1\Desktop\dds.txt
2014-10-02 18:00 - 2014-10-02 18:00 - 00688992 ____R (Swearware) C:\Users\ASUS1\Downloads\dds.com
2014-09-30 13:59 - 2014-09-30 13:59 - 01373475 _____ () C:\Users\ASUS1\Downloads\AdwCleaner (2).exe
2014-09-30 13:58 - 2014-09-30 13:58 - 01373475 _____ () C:\Users\ASUS1\Downloads\AdwCleaner (1).exe
2014-09-30 13:56 - 2014-09-30 13:56 - 00000620 _____ () C:\Users\ASUS1\Desktop\JRT.txt
2014-09-30 13:51 - 2014-09-30 13:59 - 01699276 _____ (Thisisu) C:\Users\ASUS1\Downloads\JRT (1).exe
2014-09-25 18:31 - 2014-09-25 18:31 - 00000000 ____D () C:\WINDOWS\Sun
2014-09-19 14:34 - 2014-09-19 14:34 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-16 12:08 - 2014-09-16 12:08 - 00164190 _____ () C:\Users\ASUS1\Downloads\MDLC700Gemini (1).zip
2014-09-15 17:27 - 2014-09-15 17:27 - 00263035 _____ () C:\Users\ASUS1\Downloads\MDLC700Gemini.zip
2014-09-15 11:34 - 2014-09-15 11:48 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-09-14 21:28 - 2014-09-14 21:28 - 00000000 ____D () C:\AMD
2014-09-14 20:35 - 2014-09-14 20:35 - 00000000 __SHD () C:\Recovery
2014-09-14 20:15 - 2014-09-14 20:15 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-09-14 16:46 - 2014-09-14 16:46 - 00002061 _____ () C:\WINDOWS\comsetup.log
2014-09-14 16:36 - 2014-09-14 16:51 - 00022863 _____ () C:\WINDOWS\diagwrn.xml
2014-09-14 16:36 - 2014-09-14 16:51 - 00022863 _____ () C:\WINDOWS\diagerr.xml
2014-09-11 17:50 - 2014-09-11 17:50 - 00508784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-10 16:59 - 2014-09-15 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-10 16:59 - 2014-09-10 16:59 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-10 16:59 - 2014-09-10 16:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-10 16:59 - 2014-09-10 16:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-10 16:59 - 2014-09-10 16:59 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-09-10 16:59 - 2014-09-10 16:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-10 15:38 - 2014-08-16 04:34 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-10 15:38 - 2014-08-16 04:34 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-10 15:38 - 2014-08-16 04:34 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-09-10 15:38 - 2014-08-16 04:34 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-10 15:38 - 2014-08-16 04:33 - 19280384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-10 15:38 - 2014-08-16 04:33 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-10 15:38 - 2014-08-16 04:33 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-10 15:38 - 2014-08-16 04:32 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-10 15:38 - 2014-08-16 02:37 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-10 15:38 - 2014-08-16 02:37 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 13757440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-10 15:38 - 2014-08-16 02:35 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-10 15:38 - 2014-03-06 19:47 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-10 15:38 - 2013-05-15 17:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-10 15:38 - 2013-05-15 17:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-10 15:38 - 2013-05-14 08:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-10 15:38 - 2013-05-14 04:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-10 15:38 - 2013-02-21 05:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-09-10 15:38 - 2013-02-21 05:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-10 15:38 - 2013-02-21 05:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-10 15:38 - 2013-02-21 05:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-10 15:38 - 2013-02-21 05:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-09-10 15:38 - 2013-02-21 05:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-10 15:38 - 2013-02-19 04:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-09-10 15:38 - 2012-11-07 23:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-10 15:38 - 2012-11-07 23:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-10 15:38 - 2012-07-25 22:06 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-10 15:37 - 2014-08-16 02:36 - 14369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-10 15:33 - 2014-08-28 06:34 - 00059400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-10 15:33 - 2014-08-28 01:05 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-10 15:33 - 2014-08-28 01:05 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-09-10 15:33 - 2014-08-28 01:05 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-10 15:33 - 2014-08-28 01:05 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-09-10 15:33 - 2014-08-28 01:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-09-10 15:33 - 2014-08-28 01:01 - 03285504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-09-10 15:33 - 2014-07-31 18:40 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-10 15:33 - 2014-06-04 20:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2014-09-10 15:33 - 2014-06-03 18:12 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2014-09-10 15:31 - 2014-07-23 22:33 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-10 15:31 - 2014-07-23 22:33 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-10 15:27 - 2014-08-09 03:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-09-10 15:27 - 2014-08-09 03:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2014-09-10 15:02 - 2014-09-10 15:02 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-09-10 15:01 - 2014-09-10 16:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-10 15:01 - 2014-09-10 15:01 - 00000000 ____D () C:\ProgramData\Sun
2014-09-10 15:00 - 2014-09-10 15:00 - 00918440 _____ (Oracle Corporation) C:\Users\ASUS1\Downloads\JavaSetup7u67.exe
2014-09-08 16:25 - 2014-09-08 16:25 - 00000000 ____D () C:\Users\ASUS1\Desktop\R3
2014-09-08 16:19 - 2014-09-19 11:06 - 00000000 ____D () C:\Users\ASUS1\Desktop\Aden
2014-09-07 14:20 - 2014-07-15 17:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-07 14:16 - 2014-06-10 17:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-09-07 14:16 - 2014-06-10 17:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-09-07 14:13 - 2014-06-19 18:35 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-09-07 14:13 - 2014-06-19 17:24 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-09-07 14:13 - 2014-06-17 18:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-07 14:13 - 2014-06-17 18:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-07 14:13 - 2014-06-12 20:57 - 01453400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-09-07 14:13 - 2014-06-12 20:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-09-07 14:13 - 2014-06-05 12:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-09-07 14:13 - 2014-06-05 12:30 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-07 14:13 - 2014-06-05 12:29 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-09-07 14:13 - 2014-06-05 12:29 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-09-07 14:13 - 2014-06-05 12:28 - 02306560 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-07 14:13 - 2014-06-05 12:28 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-07 14:13 - 2014-06-05 08:12 - 08857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-07 14:13 - 2014-06-05 08:11 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-09-07 14:13 - 2014-06-05 08:11 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-09-07 14:13 - 2014-06-05 08:10 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-07 14:13 - 2014-06-05 08:10 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-07 14:13 - 2014-06-02 17:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2014-09-07 14:13 - 2014-05-29 18:31 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-07 14:13 - 2014-05-29 18:03 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-07 14:13 - 2014-05-29 18:02 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-07 14:13 - 2014-05-29 18:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2014-09-07 14:13 - 2014-05-29 17:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-09-07 14:13 - 2014-05-28 23:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-09-07 14:13 - 2014-05-07 20:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-09-07 14:13 - 2014-05-03 01:34 - 06974808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-07 14:13 - 2014-05-03 01:33 - 01824808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-09-07 14:13 - 2014-05-02 23:51 - 01408976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-09-07 14:13 - 2014-05-01 17:37 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-07 14:13 - 2014-04-29 17:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-09-07 14:13 - 2014-04-29 17:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-09-07 14:13 - 2014-04-23 18:51 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-07 14:13 - 2014-04-23 18:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-07 14:13 - 2014-04-23 18:38 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-07 14:13 - 2014-04-23 18:38 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-07 14:12 - 2014-08-23 01:47 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-07 14:12 - 2014-07-15 18:03 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-07 14:12 - 2014-07-11 21:36 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-07 14:12 - 2014-06-06 09:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-09-07 14:12 - 2014-06-06 05:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 11:53 - 2014-05-03 00:25 - 00000000 ____D () C:\FRST
2014-10-07 11:49 - 2014-08-28 11:08 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 11:42 - 2014-04-14 16:12 - 01072329 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-07 11:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-07 10:55 - 2014-06-05 12:43 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 10:23 - 2014-04-20 13:42 - 00000000 ____D () C:\Users\ASUS1\AppData\Local\Adobe
2014-10-07 03:53 - 2014-06-26 17:42 - 00000520 _____ () C:\WINDOWS\Tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job
2014-10-07 03:53 - 2014-06-26 17:39 - 00000000 ____D () C:\ProgramData\SOS Online Backup
2014-10-06 21:10 - 2014-05-05 16:45 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ASUS-ASUS1 ASUS
2014-10-06 17:12 - 2014-04-14 17:24 - 00000000 ____D () C:\Users\ASUS1\AppData\Local\Packages
2014-10-06 14:55 - 2014-06-05 12:43 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 10:20 - 2014-06-26 17:40 - 00000454 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2014-10-03 19:32 - 2014-04-14 18:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2727560164-433847042-2156822035-1002
2014-10-03 10:39 - 2014-04-20 23:30 - 00002279 _____ () C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2014-10-03 10:20 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-03 10:19 - 2013-05-15 13:43 - 00031644 _____ () C:\WINDOWS\PFRO.log
2014-10-02 18:18 - 2014-04-19 19:14 - 00000000 ____D () C:\Users\ASUS1\AppData\Local\CutePDF Writer
2014-10-01 17:15 - 2014-04-14 17:24 - 00000000 ____D () C:\Users\ASUS1
2014-10-01 17:07 - 2014-05-03 00:46 - 00000000 ____D () C:\Users\ASUS1\Desktop\BAPS
2014-10-01 17:06 - 2014-04-29 19:06 - 00873472 ___SH () C:\Users\ASUS1\Desktop\Thumbs.db
2014-09-30 14:02 - 2014-04-20 23:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-30 14:00 - 2014-05-03 00:19 - 00000000 ____D () C:\AdwCleaner
2014-09-30 13:59 - 2014-04-29 12:06 - 00000000 ____D () C:\Users\ASUS1\AppData\Local\CrashDumps
2014-09-30 13:47 - 2014-07-03 13:36 - 00000000 ____D () C:\Users\ASUS1\Desktop\E&O
2014-09-30 08:21 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-09-25 10:54 - 2014-04-20 17:45 - 08577496 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-09-25 10:54 - 2013-04-25 09:30 - 00463116 _____ () C:\WINDOWS\system32\prfh0404.dat
2014-09-25 10:54 - 2013-04-25 09:30 - 00138186 _____ () C:\WINDOWS\system32\prfc0404.dat
2014-09-25 10:54 - 2013-04-25 09:23 - 00448796 _____ () C:\WINDOWS\system32\prfh0804.dat
2014-09-25 10:54 - 2013-04-25 09:23 - 00138186 _____ () C:\WINDOWS\system32\prfc0804.dat
2014-09-25 10:54 - 2013-04-25 09:17 - 00802648 _____ () C:\WINDOWS\system32\prfh0816.dat
2014-09-25 10:54 - 2013-04-25 09:17 - 00165608 _____ () C:\WINDOWS\system32\prfc0816.dat
2014-09-25 10:54 - 2013-04-25 09:12 - 00811504 _____ () C:\WINDOWS\system32\perfh013.dat
2014-09-25 10:54 - 2013-04-25 09:12 - 00164220 _____ () C:\WINDOWS\system32\perfc013.dat
2014-09-25 10:54 - 2013-04-25 09:05 - 00806930 _____ () C:\WINDOWS\system32\perfh010.dat
2014-09-25 10:54 - 2013-04-25 09:05 - 00158242 _____ () C:\WINDOWS\system32\perfc010.dat
2014-09-25 10:54 - 2013-04-25 08:59 - 00815976 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-09-25 10:54 - 2013-04-25 08:59 - 00160718 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-09-25 10:54 - 2013-04-25 08:52 - 00813900 _____ () C:\WINDOWS\system32\perfh00A.dat
2014-09-25 10:54 - 2013-04-25 08:52 - 00167988 _____ () C:\WINDOWS\system32\perfc00A.dat
2014-09-25 10:54 - 2013-04-25 08:42 - 00567746 _____ () C:\WINDOWS\system32\perfh008.dat
2014-09-25 10:54 - 2013-04-25 08:42 - 00094492 _____ () C:\WINDOWS\system32\perfc008.dat
2014-09-25 10:54 - 2013-04-25 08:36 - 00767754 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-25 10:54 - 2013-04-25 08:36 - 00160994 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-23 21:50 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-19 14:34 - 2013-05-15 15:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-19 14:12 - 2014-08-29 13:58 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-19 14:12 - 2014-08-29 13:58 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-19 14:12 - 2014-08-29 13:58 - 00002056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-19 13:39 - 2014-07-29 10:27 - 00000000 ____D () C:\Users\ASUS1\Desktop\700 Gemini
2014-09-19 11:08 - 2014-08-21 13:29 - 00000000 ____D () C:\Users\ASUS1\Desktop\Online Orders
2014-09-19 11:06 - 2014-08-21 14:11 - 00000000 ____D () C:\Users\ASUS1\Desktop\Sachin MSC
2014-09-19 11:06 - 2014-04-30 10:44 - 00000000 ____D () C:\Users\ASUS1\Desktop\ALCC 2013
2014-09-19 11:05 - 2014-08-21 13:20 - 00000000 ____D () C:\Users\ASUS1\Desktop\Imad
2014-09-16 01:21 - 2013-05-15 14:42 - 00000000 ____D () C:\WINDOWS\Panther
2014-09-15 15:36 - 2012-07-26 02:28 - 08411634 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-15 14:29 - 2014-08-28 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 14:29 - 2014-07-14 17:27 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-15 14:29 - 2014-06-26 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOS Online Backup
2014-09-15 14:29 - 2014-06-05 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-15 14:29 - 2014-06-05 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-09-15 14:29 - 2014-06-05 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-15 14:29 - 2014-04-27 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-15 14:29 - 2014-04-26 00:35 - 00000000 ____D () C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-09-15 14:29 - 2014-04-20 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-15 14:29 - 2014-04-20 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
2014-09-15 14:29 - 2014-04-20 17:26 - 00000000 ____D () C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-15 14:29 - 2014-04-18 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-09-15 14:29 - 2014-04-14 17:24 - 00000000 ___RD () C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-15 14:29 - 2014-04-14 17:24 - 00000000 ___RD () C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 14:29 - 2014-04-14 16:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD
2014-09-15 14:29 - 2014-04-14 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\nl
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\it
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\fr
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\es
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\en
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\el
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\de
2014-09-15 14:29 - 2013-05-15 15:04 - 00000000 ____D () C:\ProgramData\PRICache
2014-09-15 14:29 - 2013-05-15 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-09-15 14:29 - 2013-04-25 08:46 - 00000000 ____D () C:\WINDOWS\en-GB
2014-09-15 14:29 - 2012-07-26 03:18 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\IME
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\Help
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-15 14:29 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-09-15 14:29 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-09-15 14:29 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-09-15 14:29 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-09-15 14:29 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-09-15 11:34 - 2014-03-18 06:47 - 00000000 ___HD () C:\$Windows.~BT
2014-09-14 21:40 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-14 16:51 - 2012-07-26 02:21 - 00404423 _____ () C:\WINDOWS\setupact.log
2014-09-14 16:50 - 2012-07-26 03:13 - 00003611 _____ () C:\WINDOWS\DtcInstall.log
2014-09-14 16:46 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\registration
2014-09-11 07:24 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-10 15:59 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-10 15:59 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-10 15:59 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-10 15:57 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-10 15:57 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-10 15:56 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-10 15:37 - 2014-04-19 18:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 15:35 - 2014-04-19 18:34 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 15:02 - 2014-08-21 13:28 - 00000000 ____D () C:\Users\ASUS1\Desktop\Website stuff
2014-09-10 15:02 - 2014-04-27 22:00 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-08 16:24 - 2014-08-21 14:18 - 00000000 ____D () C:\Users\ASUS1\Desktop\Website Art
2014-09-08 16:24 - 2014-07-14 19:47 - 00000033 _____ () C:\Users\ASUS1\AppData\Roaming\AdobeWLCMCache.dat
2014-09-08 16:21 - 2014-04-20 22:50 - 00000000 ___RD () C:\Users\ASUS1\Desktop\Unused Shortcuts
2014-09-08 16:18 - 2014-05-23 19:27 - 00000000 ____D () C:\Users\ASUS1\Desktop\Ellis Offer
2014-09-08 14:23 - 2014-06-18 20:09 - 00000000 ____D () C:\Users\ASUS1\Desktop\LREC
2014-09-08 14:22 - 2014-08-11 15:54 - 00000000 ____D () C:\Users\ASUS1\Desktop\Soderberg.Kirby
2014-09-07 14:18 - 2014-06-05 20:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-07 14:18 - 2014-06-05 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\ASUS1\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\ASUS1\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-01 06:58

==================== End Of Log ============================

THANK YOU NAAT!!!!!!!



#4 Naathim (Bleepin' Minion; Members, 435 posts; Location: Poland)

Posted 07 October 2014 - 02:23 PM

Hi Robert :)

All in all, these logfiles don't look bad, however I see some things that need taking care of. But first I'd like you to go through the C:\AdwCleaner folder. You should find there some logfiles, named AdwCleaner[R*] and AdwCleaner[S*]. Please post them here for my review. If you also have a logfile from running JRT - post it too.

I'd also recommend removing SpyHunter. My opinion about it isn't exactly good.

Uninstall some programs

We need to uninstall some programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • SpyHunter

After completing uninstalls, please manually reboot your machine!


Radek Naathim Pawelczyk

Malware Removal Specialist


#5 gothijacked? (Topic Starter; Members, 34 posts; Location: Houston)

Posted 07 October 2014 - 04:13 PM

Hi Naat,

Here are the logs.

Do you think SpyHunter is slowing the system? I will remove it as instructed after I post this batch of logs.

As you can see I also have MWB. What AV do you think is best?

I wonder if the two running together have caused a conflict.

I also forgot to tell you that my AV stopped a possible download on 10/3/2014. I wrote down the following from the notification:

Do you know what this is?

Name: No Parallels

Location: http://wande.rgmap3.skoczow.pl:19910

I am glad it stopped it but am concerned that this was another spyware or adware attack.

What do you think?

Thank you for the help Naat!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 8 x64
Ran by ASUS1 on Tue 09/30/2014 at 13:52:12.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/30/2014 at 13:56:38.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.310 - Report created 30/09/2014 at 14:00:09
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : ASUS1 - ASUS
# Running from : C:\Users\ASUS1\Downloads\AdwCleaner (2).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [787 octets] - [03/05/2014 00:19:26]
AdwCleaner[R1].txt - [846 octets] - [03/05/2014 14:12:09]
AdwCleaner[R2].txt - [977 octets] - [20/06/2014 13:28:16]
AdwCleaner[R3].txt - [1204 octets] - [03/09/2014 11:25:31]
AdwCleaner[R4].txt - [1186 octets] - [03/09/2014 11:37:52]
AdwCleaner[R5].txt - [1310 octets] - [30/09/2014 13:58:21]
AdwCleaner[R6].txt - [992 octets] - [30/09/2014 14:00:09]
AdwCleaner[S1].txt - [906 octets] - [03/05/2014 14:13:15]
AdwCleaner[S2].txt - [1037 octets] - [20/06/2014 13:31:34]
AdwCleaner[S3].txt - [1268 octets] - [03/09/2014 11:26:50]
AdwCleaner[S4].txt - [1248 octets] - [03/09/2014 11:38:25]
AdwCleaner[S5].txt - [1372 octets] - [30/09/2014 13:59:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1350 octets] ##########

 

# AdwCleaner v3.310 - Report created 30/09/2014 at 14:00:40
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : ASUS1 - ASUS
# Running from : C:\Users\ASUS1\Downloads\AdwCleaner (2).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [787 octets] - [03/05/2014 00:19:26]
AdwCleaner[R1].txt - [846 octets] - [03/05/2014 14:12:09]
AdwCleaner[R2].txt - [977 octets] - [20/06/2014 13:28:16]
AdwCleaner[R3].txt - [1204 octets] - [03/09/2014 11:25:31]
AdwCleaner[R4].txt - [1186 octets] - [03/09/2014 11:37:52]
AdwCleaner[R5].txt - [1310 octets] - [30/09/2014 13:58:21]
AdwCleaner[R6].txt - [1430 octets] - [30/09/2014 14:00:09]
AdwCleaner[S1].txt - [906 octets] - [03/05/2014 14:13:15]
AdwCleaner[S2].txt - [1037 octets] - [20/06/2014 13:31:34]
AdwCleaner[S3].txt - [1268 octets] - [03/09/2014 11:26:50]
AdwCleaner[S4].txt - [1248 octets] - [03/09/2014 11:38:25]
AdwCleaner[S5].txt - [1372 octets] - [30/09/2014 13:59:06]
AdwCleaner[S6].txt - [1352 octets] - [30/09/2014 14:00:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1412 octets] ##########



#6 Naathim (Bleepin' Minion; Members, 435 posts; Location: Poland)

Posted 07 October 2014 - 05:12 PM

Post me also [R5] and [S5] reports please :)

Radek Naathim Pawelczyk

Malware Removal Specialist


#7 gothijacked? (Topic Starter; Members, 34 posts; Location: Houston)

Posted 07 October 2014 - 05:26 PM


Here you go.
Thank you,
r

# AdwCleaner v3.310 - Report created 30/09/2014 at 13:59:06
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : ASUS1 - ASUS
# Running from : C:\Users\ASUS1\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [787 octets] - [03/05/2014 00:19:26]
AdwCleaner[R1].txt - [846 octets] - [03/05/2014 14:12:09]
AdwCleaner[R2].txt - [977 octets] - [20/06/2014 13:28:16]
AdwCleaner[R3].txt - [1204 octets] - [03/09/2014 11:25:31]
AdwCleaner[R4].txt - [1186 octets] - [03/09/2014 11:37:52]
AdwCleaner[R5].txt - [1310 octets] - [30/09/2014 13:58:21]
AdwCleaner[S1].txt - [906 octets] - [03/05/2014 14:13:15]
AdwCleaner[S2].txt - [1037 octets] - [20/06/2014 13:31:34]
AdwCleaner[S3].txt - [1268 octets] - [03/09/2014 11:26:50]
AdwCleaner[S4].txt - [1248 octets] - [03/09/2014 11:38:25]
AdwCleaner[S5].txt - [1232 octets] - [30/09/2014 13:59:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1292 octets] ##########

# AdwCleaner v3.310 - Report created 30/09/2014 at 13:58:21
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : ASUS1 - ASUS
# Running from : C:\Users\ASUS1\Downloads\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [787 octets] - [03/05/2014 00:19:26]
AdwCleaner[R1].txt - [846 octets] - [03/05/2014 14:12:09]
AdwCleaner[R2].txt - [977 octets] - [20/06/2014 13:28:16]
AdwCleaner[R3].txt - [1204 octets] - [03/09/2014 11:25:31]
AdwCleaner[R4].txt - [1186 octets] - [03/09/2014 11:37:52]
AdwCleaner[R5].txt - [932 octets] - [30/09/2014 13:58:21]
AdwCleaner[S1].txt - [906 octets] - [03/05/2014 14:13:15]
AdwCleaner[S2].txt - [1037 octets] - [20/06/2014 13:31:34]
AdwCleaner[S3].txt - [1268 octets] - [03/09/2014 11:26:50]
AdwCleaner[S4].txt - [1248 octets] - [03/09/2014 11:38:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1230 octets] ##########

#8 Naathim (Bleepin' Minion; Members, 435 posts; Location: Poland)

Posted 08 October 2014 - 01:03 AM

Hi :)

Let's deploy another tool that may shed some light here.


Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist


#9 gothijacked? (Topic Starter; Members, 34 posts; Location: Houston)

Posted 08 October 2014 - 12:35 PM

Naat,
Here is the RK log. I had an old version of RK and updated with new download then ran. I did not delete any of the Rootkits identified in "AntiRootkit" panel. There were several. One of the "Processes" identified is NexDef. I know that is a video player I use. Here is the log. Thank you!
robert

RogueKiller V10.0.0.0 (x64) [Oct 7 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : ASUS1 [Administrator]
Mode : Scan -- Date : 10/08/2014 12:28:08

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] nexdef.exe -- C:\Users\ASUS1\AppData\Local\Autobahn\nexdef.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 4 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2727560164-433847042-2156822035-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0 --mode=LBS --helperBridgeName={B895AC12-9652-42A5-99BF-01F7838CE7EA} --lbsWorkflowID={284AEAF8-5C54-4A53-9748-9CEAB2230D10} --aamHelperPipeName="{B895AC12-9652-42A5-99BF-01F7838CE7EA}" --accPipeName="{2AACDCFA-89D1-4158-AF0D-0CC6D3CF0CFC}" --acccUpdated="true" --mode="update" --selfDelete="C:\Users\ASUS1\AppData\Local\Temp\CreativeCloudSet-Up.exe" --shouldLaunchACC="false" --workflowId="{284AEAF8-5C54-4A53-9748-9CEAB2230D10}" /RestartByRestartManager:912735A2-4387-4e3d-9AF5-C175CDB284E8 -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2727560164-433847042-2156822035-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0 --mode=LBS --helperBridgeName={B895AC12-9652-42A5-99BF-01F7838CE7EA} --lbsWorkflowID={284AEAF8-5C54-4A53-9748-9CEAB2230D10} --aamHelperPipeName="{B895AC12-9652-42A5-99BF-01F7838CE7EA}" --accPipeName="{2AACDCFA-89D1-4158-AF0D-0CC6D3CF0CFC}" --acccUpdated="true" --mode="update" --selfDelete="C:\Users\ASUS1\AppData\Local\Temp\CreativeCloudSet-Up.exe" --shouldLaunchACC="false" --workflowId="{284AEAF8-5C54-4A53-9748-9CEAB2230D10}" /RestartByRestartManager:912735A2-4387-4e3d-9AF5-C175CDB284E8 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] NexDef Plug-in.lnk -- C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [LNK@] C:\Users\ASUS1\AppData\Local\Autobahn\nexdef.exe -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA100 SATA Disk Device +++++
--- User ---
[MBR] 2d5e8746713bcb73327a19a946e5e930
[BSP] b8bfbd6e2a3dd814f8d700bb556d55d0 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
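The "MBR Check" block at the end of that RogueKiller report is worth understanding, because the same test shows up later in this thread as GMER's "unknown MBR code" line. The tool reads sector 0 of the disk, hashes it ([MBR]), hashes the boot-code area separately ([BSP], reported here as "Empty MBR Code") and decodes the four primary partition entries. The Python below is an added example, not RogueKiller's or GMER's code, that performs the same decoding over two constructed 512-byte sectors; that the [BSP] hash covers the classic 440-byte boot-code area is my assumption, not something the log states. One constructed sector carries a GPT protective entry (type 0xEE, 0xFFFFFFFF sectors starting at LBA 1); 0xFFFFFFFF sectors of 512 bytes works out to 2097151.999 MB, i.e. the "2097152 MB" at "Offset (sectors): 1" the log prints, but the log reports type 0x0 rather than 0xEE, so treat that as a resemblance to check rather than a finding.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440         # assumption: the [BSP] hash covers the classic boot-code area
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries live here
PART_ENTRY_LEN = 16
PROTECTIVE_GPT_TYPE = 0xEE  # type byte of a GPT protective-MBR entry
WHOLE_DISK = 0xFFFFFFFF     # sector count a protective entry uses to mean "everything"


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR: sector and boot-code hashes, whether the boot code
    is empty, the 0x55AA signature, and the four primary partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    boot_code = sector[:BOOT_CODE_LEN]
    result = {
        "valid_signature": sector[510:512] == b"\x55\xAA",
        "sector_md5": hashlib.md5(sector).hexdigest(),        # the [MBR] line
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),  # the [BSP] line (assumed range)
        "boot_code_empty": not any(boot_code),                # "Empty MBR Code"
        "partitions": [],
    }
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba_start, lba_count = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0 and lba_count == 0:
            continue  # unused slot
        result["partitions"].append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "protective_gpt": ptype == PROTECTIVE_GPT_TYPE,
            "lba_start": lba_start,
            "sectors": lba_count,
            "size_mb": lba_count * SECTOR // (1024 * 1024),
            "covers_whole_disk": lba_count == WHOLE_DISK,
        })
    return result


def make_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Build a constructed 512-byte MBR for testing; not an image of a real disk."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, lba_count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, lba_count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


# Constructed sample 1: no boot code at all and one protective-GPT entry from LBA 1.
EMPTY_PROTECTIVE = make_sample_mbr(b"", [(0x00, PROTECTIVE_GPT_TYPE, 1, WHOLE_DISK)])
# Constructed sample 2: a few bytes standing in for boot code, plus an active NTFS (0x07) entry.
WITH_CODE = make_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C", [(0x80, 0x07, 2048, 204800)])

if __name__ == "__main__":
    for name, image in (("empty+protective", EMPTY_PROTECTIVE), ("bootcode+ntfs", WITH_CODE)):
        r = parse_mbr(image)
        print(name, "BSP", r["boot_code_md5"], "empty:", r["boot_code_empty"])
        for p in r["partitions"]:
            print("  entry %d type 0x%02X start %d size %d MB"
                  % (p["index"], p["type"], p["lba_start"], p["size_mb"]))
```

On a live system you would feed parse_mbr the first 512 bytes read from \\.\PhysicalDrive0 with administrator rights; an all-zero boot-code area is normal on a UEFI machine that never boots through legacy MBR code, and is only alarming when the disk is known to boot that way.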

#10 Naathim (Bleepin' Minion; Members, 435 posts; Location: Poland)

Posted 08 October 2014 - 12:52 PM

What Rootkit entries? I don't see any in your logfile.

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

However please perform this scan for now:

Scan with GMER

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while GMER is running!
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check the Quick scan box.
  • Please uncheck IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


Radek Naathim Pawelczyk

Malware Removal Specialist


#11 gothijacked? (Topic Starter; Members, 34 posts; Location: Houston)

Posted 08 October 2014 - 02:08 PM

Naat,
I saw an entry in the "AntiRootkit" panel in the user interface of the RK program. I guess it was not something that had to go into the log as a threat.
Anyway here is the log from GMER.
Thank you!
r
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-08 14:04:08
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 TOSHIBA_DT01ACA100 rev.MS2OA7L0 931.51GB
Running: f1oor6eo.exe; Driver: C:\Users\ASUS1\AppData\Local\Temp\pglorpoc.sys


---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\atiesrxx.exe[908] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb5786177a 4 bytes [86, 57, FB, 07]
.text C:\WINDOWS\system32\atiesrxx.exe[908] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb57861782 4 bytes [86, 57, FB, 07]
.text C:\WINDOWS\system32\atieclxx.exe[652] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb5786177a 4 bytes [86, 57, FB, 07]
.text C:\WINDOWS\system32\atieclxx.exe[652] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb57861782 4 bytes [86, 57, FB, 07]
.text C:\WINDOWS\system32\atieclxx.exe[652] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007fb54871b32 4 bytes [87, 54, FB, 07]
.text C:\WINDOWS\system32\atieclxx.exe[652] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007fb54871b3a 4 bytes [87, 54, FB, 07]
.text C:\WINDOWS\Explorer.EXE[1912] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb40a71532 4 bytes [A7, 40, FB, 07]
.text C:\WINDOWS\Explorer.EXE[1912] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb40a7153a 4 bytes [A7, 40, FB, 07]
.text C:\WINDOWS\Explorer.EXE[1912] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb40a7165a 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2132] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb5786177a 4 bytes [86, 57, FB, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2132] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb57861782 4 bytes [86, 57, FB, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2956] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb5786177a 4 bytes [86, 57, FB, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2956] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fb57861782 4 bytes [86, 57, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3384] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb40a71532 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3384] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb40a7153a 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3384] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb40a7165a 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3116] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb40a71532 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3116] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb40a7153a 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3116] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb40a7165a 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1792] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb40a71532 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1792] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb40a7153a 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1792] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb40a7165a 4 bytes [A7, 40, FB, 07]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1792] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb5786177a 4 bytes [86, 57, FB, 07]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1792] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb57861782 4 bytes [86, 57, FB, 07]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3068] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb5786177a 4 bytes [86, 57, FB, 07]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3068] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fb57861782 4 bytes [86, 57, FB, 07]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2668] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb5786177a 4 bytes [86, 57, FB, 07]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2668] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb57861782 4 bytes [86, 57, FB, 07]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2668] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb54871b32 4 bytes [87, 54, FB, 07]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2668] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb54871b3a 4 bytes [87, 54, FB, 07]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [628:640] fffff960009335e8
Thread C:\WINDOWS\system32\csrss.exe [628:656] fffff960009335e8
Thread C:\WINDOWS\system32\csrss.exe [628:664] fffff960009335e8
Thread C:\WINDOWS\system32\csrss.exe [628:676] fffff960009335e8
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:4704] 00000000575ad80c
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:4700] 00000000566e8748
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:4728] 0000000056dd8a9a
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:4900] 0000000056dd8a9a
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:4456] 0000000056dd8a9a
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:4512] 0000000056dd8a9a
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:848] 0000000056dd8a9a
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:4960] 0000000056dd8a9a
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:2404] 0000000056dd8a9a
Thread C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [1956:2120] 0000000056dd8a9a

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
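Every "User code sections" entry in that GMER log has the same shape: exactly 4 bytes differ from the on-disk image, and the bytes reported are the middle four bytes of the patched address itself ([86, 57, FB, 07] at 000007fb5786177a, [A7, 40, FB, 07] at 000007fb40a71532, [87, 54, FB, 07] at 000007fb54871b32). That is what an absolute 64-bit pointer inside a DLL looks like after the loader relocates the module to a base other than the one stored in the file, and it is consistent with the helper's reading that nothing here is a hook. The script below is an added example, not part of the thread and not GMER's code: it parses such lines, groups identical patches across processes (the same psapi.dll patch shows up in Defender, SpyHunter and the AMD processes alike, which points at a shared DLL rather than per-process injection) and flags the ones that fit that relocation pattern. The relocation heuristic is mine, the first four sample lines are copied from the log above, and the fifth is a constructed line with a hypothetical path and bytes that the heuristic deliberately does not clear.

```python
import re

# Shape of a GMER 2.x "User code sections" line:
#   .text <process>[<pid>] <module>!<export> + <offset> <address> <n> bytes [<hex>, ...]
LINE_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<export>\S+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<address>[0-9a-fA-F]{16})\s+(?P<count>\d+)\s+bytes\s+"
    r"\[(?P<bytes>[^\]]+)\]\s*$"
)


def parse_line(line: str):
    """Return a dict for one .text line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["pid"] = int(d["pid"])
    d["offset"] = int(d["offset"])
    d["count"] = int(d["count"])
    d["address"] = int(d["address"], 16)
    d["bytes"] = bytes(int(b, 16) for b in d["bytes"].split(","))
    return d


def looks_like_relocation(entry: dict) -> bool:
    """Heuristic (mine, not GMER's): a 4-byte diff whose bytes equal bytes 2..5 of the
    little-endian form of the patched address, i.e. bits 16..47 of a 64-bit pointer
    into the same module. That is the footprint of an absolute pointer the loader
    fixed up because the DLL was mapped at a base other than the one in its file."""
    if entry["count"] != 4 or len(entry["bytes"]) != 4:
        return False
    le = entry["address"].to_bytes(8, "little")
    return entry["bytes"] == le[2:6]


def triage(log_text: str) -> dict:
    """Group identical (module, export, offset) patches across processes and tag each
    group as relocation-like or worth a closer look."""
    groups = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        key = (e["module"].lower(), e["export"], e["offset"])
        g = groups.setdefault(key, {
            "processes": set(),
            "bytes": e["bytes"],
            "relocation_like": looks_like_relocation(e),
        })
        g["processes"].add(e["process"])
    return groups


# Four lines copied from the GMER log above, plus one constructed line (hypothetical
# path and bytes) showing a 5-byte JMP-style patch that the heuristic does NOT clear.
SAMPLE_LOG = r""".text C:\WINDOWS\system32\atiesrxx.exe[908] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb5786177a 4 bytes [86, 57, FB, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2956] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb5786177a 4 bytes [86, 57, FB, 07]
.text C:\WINDOWS\Explorer.EXE[1912] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb40a71532 4 bytes [A7, 40, FB, 07]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2668] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb54871b32 4 bytes [87, 54, FB, 07]
.text C:\hypothetical\app.exe[4242] C:\WINDOWS\system32\ws2_32.dll!send + 0 000007fb55001000 5 bytes [E9, 1B, F0, FF, FF]
"""

if __name__ == "__main__":
    for (module, export, offset), g in triage(SAMPLE_LOG).items():
        verdict = "relocation-like" if g["relocation_like"] else "INSPECT"
        print("%-15s %s!%s+%d bytes=%s in %d process(es)" % (
            verdict, module.rsplit("\\", 1)[-1], export, offset,
            g["bytes"].hex(), len(g["processes"])))
```

The heuristic only clears the relocation footprint; a real inline hook typically rewrites the first bytes of the export (offset 0 or close to it) with a jump, as the constructed ws2_32 line does, and those groups stay marked INSPECT so the on-disk and in-memory bytes can be compared by hand.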

#12 Naathim (Bleepin' Minion; Members, 435 posts; Location: Poland)

Posted 08 October 2014 - 02:20 PM

I still don't see anything that could be relevant in this problem.

Did you remove SpyHunter?

Please perform a fresh FRST scan. Post generated logfile.

Radek Naathim Pawelczyk

Malware Removal Specialist


#13 gothijacked? (Topic Starter; Members, 34 posts; Location: Houston)

Posted 08 October 2014 - 06:03 PM

Naat,
Forgot to uninstall SH; just did so. Ran FRST scan and the results are here.
What else would cause the delayed load time on IE besides malware etc?
Thank you for your help with this.
robert

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by ASUS1 (administrator) on ASUS on 08-10-2014 17:56:32
Running from C:\Users\ASUS1\Desktop
Loaded Profile: ASUS1 (Available profiles: ASUS1)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(SOS Online Backup) C:\Program Files (x86)\SOS Online Backup\SUpdateNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SOS Online Backup) C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
() C:\Users\ASUS1\AppData\Local\Autobahn\nexdef.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(SOS Online Backup) C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Farbar) C:\Users\ASUS1\Desktop\FRST64 (1).exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe [57864 2014-07-16] (SOS Online Backup)
HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\SOS Online Backup\SMessaging.exe [67592 2014-07-16] (SOS Online Backup)
HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\SOS Online Backup\AccountCreatorRunner.exe [22024 2014-07-16] (SOS Online Backup)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2727560164-433847042-2156822035-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-2727560164-433847042-2156822035-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-2727560164-433847042-2156822035-1002\...\Policies\Explorer: [NoSaveSettings] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\WINDOWS\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()
Startup: C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\ASUS1\AppData\Local\Autobahn\nexdef.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-29]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-21]
CHR Extension: (Google Drive) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (YouTube) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]
CHR Extension: (Google Search) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-21]
CHR Extension: (Gmail) - C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-14] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-14] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-03-14] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 sagentservice; C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe [44552 2014-07-16] (SOS Online Backup)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 14:04 - 2014-10-08 14:04 - 00008445 _____ () C:\Users\ASUS1\Desktop\gmer.log
2014-10-08 13:55 - 2014-10-08 13:55 - 00380416 _____ () C:\Users\ASUS1\Desktop\f1oor6eo.exe
2014-10-08 12:24 - 2014-10-08 12:24 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-08 12:24 - 2014-10-08 12:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-08 12:23 - 2014-10-08 12:24 - 18482776 _____ () C:\Users\ASUS1\Downloads\RogueKillerX64.exe
2014-10-07 17:24 - 2014-10-07 17:24 - 00001310 _____ () C:\Users\ASUS1\Desktop\AdwCleaner[R5].txt
2014-10-07 17:23 - 2014-10-07 17:23 - 00001372 _____ () C:\Users\ASUS1\Desktop\AdwCleaner[S5].txt
2014-10-07 15:59 - 2014-10-07 15:59 - 00001492 _____ () C:\Users\ASUS1\Desktop\AdwCleaner[S6].txt
2014-10-07 15:56 - 2014-10-07 15:59 - 00001430 _____ () C:\Users\ASUS1\Desktop\AdwCleaner[R6].txt
2014-10-07 11:54 - 2014-10-07 11:54 - 00035065 _____ () C:\Users\ASUS1\Desktop\Addition.txt
2014-10-07 11:53 - 2014-10-08 17:56 - 00018373 _____ () C:\Users\ASUS1\Desktop\FRST.txt
2014-10-07 11:51 - 2014-10-07 11:52 - 02109952 _____ (Farbar) C:\Users\ASUS1\Desktop\FRST64 (1).exe
2014-10-03 10:36 - 2014-10-03 10:36 - 00000850 _____ () C:\Users\ASUS1\Downloads\CSV_download_10-03-2014.csv
2014-10-02 18:13 - 2014-10-02 18:17 - 00018586 _____ () C:\Users\ASUS1\Desktop\DDS.10.2.14.txt
2014-10-02 18:13 - 2014-10-02 18:13 - 00106522 _____ () C:\Users\ASUS1\Desktop\Attach.BC.10.2.14.txt
2014-10-02 18:01 - 2014-10-02 18:01 - 00106522 _____ () C:\Users\ASUS1\Desktop\attach.txt
2014-10-02 18:01 - 2014-10-02 18:01 - 00018586 _____ () C:\Users\ASUS1\Desktop\dds.txt
2014-10-02 18:00 - 2014-10-02 18:00 - 00688992 ____R (Swearware) C:\Users\ASUS1\Downloads\dds.com
2014-09-30 13:59 - 2014-09-30 13:59 - 01373475 _____ () C:\Users\ASUS1\Downloads\AdwCleaner (2).exe
2014-09-30 13:58 - 2014-09-30 13:58 - 01373475 _____ () C:\Users\ASUS1\Downloads\AdwCleaner (1).exe
2014-09-30 13:56 - 2014-09-30 13:56 - 00000620 _____ () C:\Users\ASUS1\Desktop\JRT.txt
2014-09-30 13:51 - 2014-09-30 13:59 - 01699276 _____ (Thisisu) C:\Users\ASUS1\Downloads\JRT (1).exe
2014-09-25 18:31 - 2014-09-25 18:31 - 00000000 ____D () C:\WINDOWS\Sun
2014-09-19 14:34 - 2014-09-19 14:34 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-16 12:08 - 2014-09-16 12:08 - 00164190 _____ () C:\Users\ASUS1\Downloads\MDLC700Gemini (1).zip
2014-09-15 17:27 - 2014-09-15 17:27 - 00263035 _____ () C:\Users\ASUS1\Downloads\MDLC700Gemini.zip
2014-09-15 11:34 - 2014-09-15 11:48 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-09-14 21:28 - 2014-09-14 21:28 - 00000000 ____D () C:\AMD
2014-09-14 20:35 - 2014-09-14 20:35 - 00000000 __SHD () C:\Recovery
2014-09-14 20:15 - 2014-09-14 20:15 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-09-14 16:46 - 2014-09-14 16:46 - 00002061 _____ () C:\WINDOWS\comsetup.log
2014-09-14 16:36 - 2014-09-14 16:51 - 00022863 _____ () C:\WINDOWS\diagwrn.xml
2014-09-14 16:36 - 2014-09-14 16:51 - 00022863 _____ () C:\WINDOWS\diagerr.xml
2014-09-11 17:50 - 2014-09-11 17:50 - 00508784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-10 16:59 - 2014-09-15 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-10 16:59 - 2014-09-10 16:59 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-10 16:59 - 2014-09-10 16:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-10 16:59 - 2014-09-10 16:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-10 16:59 - 2014-09-10 16:59 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-09-10 16:59 - 2014-09-10 16:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-10 15:38 - 2014-08-16 04:34 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-10 15:38 - 2014-08-16 04:34 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-10 15:38 - 2014-08-16 04:34 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-09-10 15:38 - 2014-08-16 04:34 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-10 15:38 - 2014-08-16 04:33 - 19280384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-10 15:38 - 2014-08-16 04:33 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-10 15:38 - 2014-08-16 04:33 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-10 15:38 - 2014-08-16 04:32 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-10 15:38 - 2014-08-16 04:32 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-10 15:38 - 2014-08-16 02:37 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-10 15:38 - 2014-08-16 02:37 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 13757440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-10 15:38 - 2014-08-16 02:36 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-10 15:38 - 2014-08-16 02:35 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-10 15:38 - 2014-03-06 19:47 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-10 15:38 - 2013-05-15 17:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-10 15:38 - 2013-05-15 17:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-10 15:38 - 2013-05-14 08:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-10 15:38 - 2013-05-14 04:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-10 15:38 - 2013-02-21 05:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-09-10 15:38 - 2013-02-21 05:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-10 15:38 - 2013-02-21 05:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-10 15:38 - 2013-02-21 05:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-10 15:38 - 2013-02-21 05:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-09-10 15:38 - 2013-02-21 05:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-10 15:38 - 2013-02-19 04:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-09-10 15:38 - 2012-11-07 23:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-10 15:38 - 2012-11-07 23:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-10 15:38 - 2012-07-25 22:06 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-10 15:37 - 2014-08-16 02:36 - 14369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-10 15:33 - 2014-08-28 06:34 - 00059400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-10 15:33 - 2014-08-28 01:05 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-10 15:33 - 2014-08-28 01:05 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-09-10 15:33 - 2014-08-28 01:05 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-10 15:33 - 2014-08-28 01:05 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-09-10 15:33 - 2014-08-28 01:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-09-10 15:33 - 2014-08-28 01:01 - 03285504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-10 15:33 - 2014-08-28 01:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-09-10 15:33 - 2014-07-31 18:40 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-10 15:33 - 2014-06-04 20:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2014-09-10 15:33 - 2014-06-03 18:12 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2014-09-10 15:31 - 2014-07-23 22:33 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-10 15:31 - 2014-07-23 22:33 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-10 15:27 - 2014-08-09 03:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-09-10 15:27 - 2014-08-09 03:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2014-09-10 15:02 - 2014-09-10 15:02 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-09-10 15:01 - 2014-09-10 16:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-10 15:01 - 2014-09-10 15:01 - 00000000 ____D () C:\ProgramData\Sun
2014-09-10 15:00 - 2014-09-10 15:00 - 00918440 _____ (Oracle Corporation) C:\Users\ASUS1\Downloads\JavaSetup7u67.exe
2014-09-08 16:25 - 2014-09-08 16:25 - 00000000 ____D () C:\Users\ASUS1\Desktop\R3
2014-09-08 16:19 - 2014-09-19 11:06 - 00000000 ____D () C:\Users\ASUS1\Desktop\Aden

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 17:56 - 2014-05-03 00:25 - 00000000 ____D () C:\FRST
2014-10-08 17:55 - 2014-06-05 12:43 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 17:53 - 2014-05-05 16:45 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ASUS-ASUS1 ASUS
2014-10-08 17:52 - 2014-08-28 11:08 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 17:52 - 2014-06-26 17:40 - 00000454 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2014-10-08 17:52 - 2014-06-05 12:43 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 17:52 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-08 17:50 - 2014-04-20 17:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-08 17:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-08 16:30 - 2014-04-14 16:12 - 01146550 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-08 12:48 - 2014-04-14 18:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2727560164-433847042-2156822035-1002
2014-10-08 12:17 - 2014-04-29 12:06 - 00000000 ____D () C:\Users\ASUS1\AppData\Local\CrashDumps
2014-10-08 12:17 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-08 12:11 - 2014-04-27 00:45 - 00000000 ____D () C:\Users\ASUS1\Desktop\RK_Quarantine
2014-10-08 11:46 - 2014-04-14 17:24 - 00000000 ____D () C:\Users\ASUS1\AppData\Local\Packages
2014-10-08 10:23 - 2014-04-20 13:42 - 00000000 ____D () C:\Users\ASUS1\AppData\Local\Adobe
2014-10-08 03:50 - 2014-06-26 17:42 - 00000520 _____ () C:\WINDOWS\Tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job
2014-10-08 03:50 - 2014-06-26 17:39 - 00000000 ____D () C:\ProgramData\SOS Online Backup
2014-10-07 18:54 - 2014-08-21 13:29 - 00000000 ____D () C:\Users\ASUS1\Desktop\Online Orders
2014-10-07 18:54 - 2014-04-29 19:06 - 00948224 ___SH () C:\Users\ASUS1\Desktop\Thumbs.db
2014-10-07 18:54 - 2014-04-19 19:14 - 00000000 ____D () C:\Users\ASUS1\AppData\Local\CutePDF Writer
2014-10-03 10:39 - 2014-04-20 23:30 - 00002279 _____ () C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2014-10-03 10:19 - 2013-05-15 13:43 - 00031644 _____ () C:\WINDOWS\PFRO.log
2014-10-01 17:15 - 2014-04-14 17:24 - 00000000 ____D () C:\Users\ASUS1
2014-10-01 17:07 - 2014-05-03 00:46 - 00000000 ____D () C:\Users\ASUS1\Desktop\BAPS
2014-09-30 14:02 - 2014-04-20 23:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-30 14:00 - 2014-05-03 00:19 - 00000000 ____D () C:\AdwCleaner
2014-09-30 13:47 - 2014-07-03 13:36 - 00000000 ____D () C:\Users\ASUS1\Desktop\E&O
2014-09-30 08:21 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-09-25 10:54 - 2014-04-20 17:45 - 08577496 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-09-25 10:54 - 2013-04-25 09:30 - 00463116 _____ () C:\WINDOWS\system32\prfh0404.dat
2014-09-25 10:54 - 2013-04-25 09:30 - 00138186 _____ () C:\WINDOWS\system32\prfc0404.dat
2014-09-25 10:54 - 2013-04-25 09:23 - 00448796 _____ () C:\WINDOWS\system32\prfh0804.dat
2014-09-25 10:54 - 2013-04-25 09:23 - 00138186 _____ () C:\WINDOWS\system32\prfc0804.dat
2014-09-25 10:54 - 2013-04-25 09:17 - 00802648 _____ () C:\WINDOWS\system32\prfh0816.dat
2014-09-25 10:54 - 2013-04-25 09:17 - 00165608 _____ () C:\WINDOWS\system32\prfc0816.dat
2014-09-25 10:54 - 2013-04-25 09:12 - 00811504 _____ () C:\WINDOWS\system32\perfh013.dat
2014-09-25 10:54 - 2013-04-25 09:12 - 00164220 _____ () C:\WINDOWS\system32\perfc013.dat
2014-09-25 10:54 - 2013-04-25 09:05 - 00806930 _____ () C:\WINDOWS\system32\perfh010.dat
2014-09-25 10:54 - 2013-04-25 09:05 - 00158242 _____ () C:\WINDOWS\system32\perfc010.dat
2014-09-25 10:54 - 2013-04-25 08:59 - 00815976 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-09-25 10:54 - 2013-04-25 08:59 - 00160718 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-09-25 10:54 - 2013-04-25 08:52 - 00813900 _____ () C:\WINDOWS\system32\perfh00A.dat
2014-09-25 10:54 - 2013-04-25 08:52 - 00167988 _____ () C:\WINDOWS\system32\perfc00A.dat
2014-09-25 10:54 - 2013-04-25 08:42 - 00567746 _____ () C:\WINDOWS\system32\perfh008.dat
2014-09-25 10:54 - 2013-04-25 08:42 - 00094492 _____ () C:\WINDOWS\system32\perfc008.dat
2014-09-25 10:54 - 2013-04-25 08:36 - 00767754 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-25 10:54 - 2013-04-25 08:36 - 00160994 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-19 14:34 - 2013-05-15 15:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-19 14:12 - 2014-08-29 13:58 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-19 14:12 - 2014-08-29 13:58 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-19 14:12 - 2014-08-29 13:58 - 00002056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-19 13:39 - 2014-07-29 10:27 - 00000000 ____D () C:\Users\ASUS1\Desktop\700 Gemini
2014-09-19 11:06 - 2014-08-21 14:11 - 00000000 ____D () C:\Users\ASUS1\Desktop\Sachin MSC
2014-09-19 11:06 - 2014-04-30 10:44 - 00000000 ____D () C:\Users\ASUS1\Desktop\ALCC 2013
2014-09-19 11:05 - 2014-08-21 13:20 - 00000000 ____D () C:\Users\ASUS1\Desktop\Imad
2014-09-16 01:21 - 2013-05-15 14:42 - 00000000 ____D () C:\WINDOWS\Panther
2014-09-15 15:36 - 2012-07-26 02:28 - 08411634 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-15 14:29 - 2014-08-28 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 14:29 - 2014-07-14 17:27 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-15 14:29 - 2014-06-26 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOS Online Backup
2014-09-15 14:29 - 2014-06-05 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-15 14:29 - 2014-06-05 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-09-15 14:29 - 2014-06-05 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-15 14:29 - 2014-04-27 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-15 14:29 - 2014-04-26 00:35 - 00000000 ____D () C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-09-15 14:29 - 2014-04-20 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-15 14:29 - 2014-04-20 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
2014-09-15 14:29 - 2014-04-18 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-09-15 14:29 - 2014-04-14 17:24 - 00000000 ___RD () C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-15 14:29 - 2014-04-14 17:24 - 00000000 ___RD () C:\Users\ASUS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 14:29 - 2014-04-14 16:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD
2014-09-15 14:29 - 2014-04-14 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\nl
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\it
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\fr
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\es
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\en
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\el
2014-09-15 14:29 - 2013-05-15 15:20 - 00000000 ____D () C:\WINDOWS\de
2014-09-15 14:29 - 2013-05-15 15:04 - 00000000 ____D () C:\ProgramData\PRICache
2014-09-15 14:29 - 2013-05-15 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-09-15 14:29 - 2013-04-25 08:46 - 00000000 ____D () C:\WINDOWS\en-GB
2014-09-15 14:29 - 2012-07-26 03:18 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\IME
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\Help
2014-09-15 14:29 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-15 14:29 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-09-15 14:29 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-09-15 14:29 - 2012-07-26 02:49 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-09-15 14:29 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-09-15 14:29 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-09-15 11:34 - 2014-03-18 06:47 - 00000000 ___HD () C:\$Windows.~BT
2014-09-14 21:40 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-14 16:51 - 2012-07-26 02:21 - 00404423 _____ () C:\WINDOWS\setupact.log
2014-09-14 16:50 - 2012-07-26 03:13 - 00003611 _____ () C:\WINDOWS\DtcInstall.log
2014-09-14 16:46 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\registration
2014-09-11 07:24 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-10 15:59 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-10 15:59 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-10 15:59 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-10 15:57 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-10 15:57 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-10 15:56 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-10 15:37 - 2014-04-19 18:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 15:35 - 2014-04-19 18:34 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 15:02 - 2014-08-21 13:28 - 00000000 ____D () C:\Users\ASUS1\Desktop\Website stuff
2014-09-10 15:02 - 2014-04-27 22:00 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-08 16:24 - 2014-08-21 14:18 - 00000000 ____D () C:\Users\ASUS1\Desktop\Website Art
2014-09-08 16:24 - 2014-07-14 19:47 - 00000033 _____ () C:\Users\ASUS1\AppData\Roaming\AdobeWLCMCache.dat
2014-09-08 16:21 - 2014-04-20 22:50 - 00000000 ___RD () C:\Users\ASUS1\Desktop\Unused Shortcuts
2014-09-08 16:18 - 2014-05-23 19:27 - 00000000 ____D () C:\Users\ASUS1\Desktop\Ellis Offer
2014-09-08 14:23 - 2014-06-18 20:09 - 00000000 ____D () C:\Users\ASUS1\Desktop\LREC
2014-09-08 14:22 - 2014-08-11 15:54 - 00000000 ____D () C:\Users\ASUS1\Desktop\Soderberg.Kirby

Some content of TEMP:
====================
C:\Users\ASUS1\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\ASUS1\AppData\Local\Temp\esg_cleanup.exe
C:\Users\ASUS1\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-01 06:58

==================== End Of Log ============================

#14 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland
  • Local time:05:15 PM

Posted 09 October 2014 - 01:10 AM

Hi :)



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    iedefaults;
    resetiecache;
    C:\ProgramData\InstallMate;f
    autoclean;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the logfile will open after the reboot. You may also find it on your main drive (usually C:\).

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


Radek Naathim Pawelczyk

Malware Removal Specialist



#15 gothijacked?

gothijacked?
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male
  • Location:Houston
  • Local time:11:15 AM

Posted 09 October 2014 - 02:06 AM

Naat,
It appears this made the load time faster on some destinations and about the same on others. I had cleared the caches previous to asking for help on BC, and I see that the script cleared the caches during this procedure, if I understand some of what it is doing. Were a few other tasks completed also? I think this helped. Do you have an AV recommendation?
The following steps per your instructions were executed.
Thanks again for all you do Naat!
robert

1) AV disabled
2) ZOEK.exe downloaded
3) Copy/pasted your script to ZOEK script panel
4) checked "scan all users"
5) scanned with zoek as admin
6) rebooted
7) reset av to on
8) copy/pasted the following log here

Zoek.exe v5.0.0.0 Updated 07-October-2014
Tool run by ASUS1 on Thu 10/09/2014 at 1:35:31.54.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ASUS1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/9/2014 1:37:50 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted
C:\found.000 deleted
C:\found.001 deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [09/19/2014 02:12 PM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[09/12/2014 04:43 AM]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ASUS1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ASUS1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\ASUS1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=59 folders=32 20809669 bytes)

==== Empty Temp Folders ======================

C:\Users\ASUS1\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\ASUS1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Thu 10/09/2014 at 1:49:31.28 ======================




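As an added check, not part of this thread and not zoek's own code, the PowerShell below audits the two Internet Explorer hijack points that the zoek log above reports on (the Start Page value under HKCU\Software\Microsoft\Internet Explorer\Main and the HKCU SearchScopes, whose DefaultScope GUID and scope URLs the log lists). The allowlist of hosts and the function names are the example's own assumptions; adjust the allowlist to the user's real preferences.

```powershell
# Added example: audit IE start page and search scopes for unexpected hosts.
# Assumption: run in the affected user's session on Windows 8 / PowerShell 3+.
$AllowedHosts = @('www.google.com', 'www.bing.com')   # constructed allowlist
$MainKey   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ScopesKey = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

function Get-UrlHost {
    param([string]$Url)
    # Returns the lower-cased host of a URL, or $null if it does not parse.
    try { return ([System.Uri]$Url).Host.ToLowerInvariant() } catch { return $null }
}

function Test-IEHijackPoints {
    $findings = @()

    # 1. Start page values: the log shows "Start Page"; Default_Page_URL is the
    #    companion value a hijacker commonly rewrites at the same time.
    $main = Get-ItemProperty -Path $MainKey -ErrorAction SilentlyContinue
    foreach ($name in 'Start Page', 'Default_Page_URL') {
        $value = $main.$name
        if ($value -and ((Get-UrlHost $value) -notin $AllowedHosts)) {
            $findings += [pscustomobject]@{ Location = "$MainKey\$name"; Value = $value;
                                            Reason = 'start page host not in allowlist' }
        }
    }

    # 2. Search scopes: DefaultScope must name an existing scope subkey (the log
    #    shows {0633EE93-...} for Bing), and every scope URL must use an allowed host.
    $scopes   = Get-ItemProperty -Path $ScopesKey -ErrorAction SilentlyContinue
    $default  = $scopes.DefaultScope
    $children = @(Get-ChildItem -Path $ScopesKey -ErrorAction SilentlyContinue)
    if ($default -and ($children.PSChildName -notcontains $default)) {
        $findings += [pscustomobject]@{ Location = "$ScopesKey\DefaultScope"; Value = $default;
                                        Reason = 'DefaultScope points at a missing scope' }
    }
    foreach ($scope in $children) {
        $props = Get-ItemProperty -Path $scope.PSPath
        $h = Get-UrlHost $props.URL
        if (-not $h -or ($h -notin $AllowedHosts)) {
            $findings += [pscustomobject]@{ Location = $scope.PSPath; Value = $props.URL;
                                            Reason = "scope '$($props.DisplayName)' uses a non-allowlisted host" }
        }
    }
    return $findings
}

$result = Test-IEHijackPoints
if ($result.Count -eq 0) { 'No unexpected IE start page or search scope entries.' }
else { $result | Format-Table -AutoSize }
```

Run it before and after a cleanup such as the zoek "iedefaults" step to confirm that only the expected Google and Bing entries remain.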