
UUnisAlues is killing me


  • This topic is locked
16 replies to this topic

#1 Alcaseltzer

Alcaseltzer

  • Members
  • 9 posts

Posted 02 February 2015 - 11:35 PM

Hey there, complete newbie to the site.... I'm having a pain in the rear with this UUnisAlues Adware Malware Crapware that keeps screwing my computer up. I can't click on the address bar in Chrome without popup windows popping up all over the place. And the stupid thing doesn't seem to be leaving me alone. Although I've removed it from the extensions, when I try to delete it from Add/Remove Programs I get a message saying:

 

 

This will completely remove the browser add-on. In order for the uninstall to be completed your computer must restart, please click "YES" in order to complete the uninstall process and install an alternate browser extension which will save you money while you shop online. Click "NO"  to only uninstall and restart your computer. Click "Cancel" to abort the uninstall process.

 

 

So being a wise guy, I clicked NO.... And here I am seeking some kinda help.

 

Please!!!




 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,011 posts
  • Gender:Male
  • Location:Germany

Posted 03 February 2015 - 11:24 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    If you would like to donate some money, you can do so, and I'd appreciate it. :)
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Alcaseltzer

Alcaseltzer
  • Topic Starter

  • Members
  • 9 posts

Posted 04 February 2015 - 08:11 PM

Hi there Machiavelli,

 

Thank you for assisting me in my malware problem.

 

Right now I am currently running FRST scan.

 

When it is finished its job I will post back a reply with FRST.txt and Addition.txt as you have mentioned.

 

Thank you


This is the FRST.txt

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Anthony (administrator) on TONY on 04-02-2015 20:06:34
Running from C:\Users\Anthony\Desktop
Loaded Profiles: UpdatusUser & Anthony (Available profiles: UpdatusUser & Anthony)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Config.Msi\1c798397.rbf
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-23] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [644656 2013-08-17] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-29] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3327030430-57195599-3507464872-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65124;https=127.0.0.1:65124
ProxyEnable: [S-1-5-21-3327030430-57195599-3507464872-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3327030430-57195599-3507464872-1002] => http=127.0.0.1:58855;https=127.0.0.1:58855
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
HKU\S-1-5-21-3327030430-57195599-3507464872-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-3327030430-57195599-3507464872-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3327030430-57195599-3507464872-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
HKU\S-1-5-21-3327030430-57195599-3507464872-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
SearchScopes: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
SearchScopes: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F12AB41F-621B-4278-A7E1-5AE144E8E62C}&mid=d39d168a666a47d39dcebd389f982085-3bb80d987e4e03b64e04b8afa5fc76e02c573a2b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-08 13:38:03&v=17.0.0.12&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=en
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-12]
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]
CHR Extension: (ICE Quick Stream) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2014-06-20]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]
CHR Extension: (unisallES) - C:\ProgramData\oegbgbagpjgjedkbjckpnakdlcklophl\ [2014-04-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-18] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-18] (globalUpdate) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]
S4 Security Updates Service;  [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 20:06 - 2015-02-04 20:07 - 00023008 _____ () C:\Users\Anthony\Desktop\FRST.txt
2015-02-04 20:06 - 2015-02-04 20:06 - 00000000 ____D () C:\FRST
2015-02-04 20:04 - 2015-02-04 20:04 - 02131968 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2015-02-02 23:42 - 2015-02-02 23:42 - 00003766 _____ () C:\WINDOWS\System32\Tasks\RunTool
2015-02-02 23:42 - 2015-02-02 23:42 - 00000000 ____D () C:\Users\Anthony\AppData\Local\d306a3f2-87d9-48c1-8645-9ca5f410c75c
2015-02-02 23:17 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-02 22:47 - 2015-02-02 22:47 - 00000000 ____D () C:\zoek_backup
2015-01-28 10:13 - 2015-01-28 10:19 - 00236080 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2015-01-28 10:04 - 2015-01-28 10:04 - 00262836 _____ () C:\Users\Anthony\AppData\Local\census.cache
2015-01-28 10:04 - 2015-01-28 10:04 - 00195856 _____ () C:\Users\Anthony\AppData\Local\ars.cache
2015-01-28 09:54 - 2015-01-28 09:54 - 00000010 _____ () C:\Users\Anthony\AppData\Local\sponge.last.runtime.cache
2015-01-28 09:45 - 2015-01-28 09:45 - 02494944 _____ (Trend Micro Inc.) C:\Users\Anthony\Downloads\HousecallLauncher64.exe
2015-01-28 09:45 - 2015-01-28 09:45 - 00000036 _____ () C:\Users\Anthony\AppData\Local\housecall.guid.cache
2015-01-28 09:45 - 2013-09-27 21:56 - 00285208 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-01-28 09:40 - 2015-01-28 09:40 - 00002704 _____ () C:\Users\Anthony\Downloads\Peak Products - Bolton.vcf
2015-01-23 11:55 - 2015-01-23 11:55 - 00071250 _____ () C:\Users\Anthony\Downloads\Paystub from Industrial Temporary Solutions Inc (1).zip
2015-01-20 16:48 - 2015-02-02 22:45 - 00000000 ____D () C:\Users\Anthony\Desktop\Fam Pics
2015-01-16 01:27 - 2015-01-16 01:27 - 00071150 _____ () C:\Users\Anthony\Downloads\Paystub from Industrial Temporary Solutions Inc.zip
2015-01-15 00:07 - 2015-01-15 00:07 - 00000370 _____ () C:\Users\Anthony\Downloads\temp_file-[Blackish.S01E12.720p.HDTV.X264-DIMENSION.mkv][180upload].xspf
2015-01-15 00:03 - 2015-01-15 00:03 - 00588168 _____ () C:\Users\Anthony\Downloads\setup (2).exe
2015-01-14 15:11 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 15:11 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 15:11 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 15:11 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 15:11 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 15:11 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 15:11 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 15:11 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 15:11 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 15:11 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 15:11 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 15:11 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 15:11 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 15:11 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 15:11 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 15:11 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 15:11 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 15:11 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 15:11 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 15:11 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 15:11 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 23:58 - 2015-01-11 23:58 - 00021405 _____ () C:\Users\Anthony\Desktop\GETFILE_Super Mario World 2 - Yoshis Island (U) (M3) (V1.0) [!].zip
2015-01-11 23:52 - 2015-01-11 23:52 - 04943004 _____ () C:\Users\Anthony\Downloads\Snes9x GX 4.3.2.zip
2015-01-11 23:43 - 2015-01-11 23:44 - 02682192 _____ () C:\Users\Anthony\Downloads\Super Mario RPG - Legend of the Seven Stars (USA).zip
2015-01-11 23:41 - 2015-01-11 23:41 - 01335858 _____ () C:\Users\Anthony\Downloads\Super Mario All-Stars + Super Mario World (USA).zip
2015-01-11 20:53 - 2015-01-11 20:53 - 02836572 _____ () C:\Users\Anthony\Downloads\Super Street Fighter II - The New Challengers (E) [!].zip
2015-01-11 20:50 - 2015-01-11 20:50 - 02542754 _____ () C:\Users\Anthony\Downloads\Snes9x GX Channel Installer 1.2.zip
2015-01-11 20:40 - 2015-01-11 20:40 - 00077282 _____ () C:\Users\Anthony\Downloads\Super Mario Bros. 2 (USA).zip
2015-01-11 20:37 - 2015-01-11 20:37 - 00000000 ____D () C:\Users\Anthony\Desktop\fceugx
2015-01-11 20:36 - 2015-01-11 20:36 - 04582130 _____ () C:\Users\Anthony\Downloads\FCE Ultra GX 3.3.4.zip
2015-01-08 20:19 - 2015-01-08 20:19 - 00423109 _____ () C:\Users\Anthony\Downloads\PTT-20141214-WA0005.aac
2015-01-08 20:12 - 2015-01-08 23:26 - 593052680 _____ () C:\Users\Anthony\Downloads\SSQE01.rar
2015-01-08 19:56 - 2015-01-08 19:56 - 00012395 _____ () C:\Users\Anthony\Downloads\Mario_Party_9_[NTSC][Wii][Multi3].torrent
2015-01-08 19:47 - 2015-01-08 19:47 - 00026461 _____ () C:\Users\Anthony\Downloads\Wii-Mario.Party.8.USA.torrent
2015-01-08 19:47 - 2015-01-08 19:47 - 00000000 ____D () C:\Users\Anthony\AppData\Local\WBFSManager
2015-01-08 19:45 - 2015-01-23 12:05 - 00001018 _____ () C:\Users\Anthony\Desktop\WBFS Manager 3.0.lnk
2015-01-08 19:45 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Anthony\Documents\WBFS Manager Covers
2015-01-08 19:45 - 2015-01-08 19:45 - 02847970 _____ () C:\Users\Anthony\Downloads\WBFSManager3.0.1-RTW-x64.zip
2015-01-08 19:45 - 2015-01-08 19:45 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2015-01-08 19:45 - 2015-01-08 19:45 - 00000000 ____D () C:\Program Files\WBFS
2015-01-08 19:39 - 2015-01-08 19:39 - 00022076 _____ () C:\Users\Anthony\Downloads\Wii-Mario.Party.8.PAL.Multi5.torrent
2015-01-08 19:38 - 2015-01-08 19:38 - 02623374 _____ () C:\Users\Anthony\Downloads\WBFSManager3.0.1-RTW-x86.zip
2015-01-08 17:14 - 2015-01-08 17:14 - 13381768 _____ () C:\Users\Anthony\Downloads\doulCi™ Activator Official For Windows.rar
2015-01-08 17:12 - 2015-01-08 17:12 - 00478400 _____ () C:\Users\Anthony\Downloads\Extractor__8680_i1442734096_il58.exe
2015-01-08 17:00 - 2015-01-08 17:00 - 00137184 _____ () C:\Users\Anthony\Documents\Font List.html
2015-01-08 16:59 - 2015-01-08 16:59 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FontList
2015-01-08 16:59 - 2015-01-08 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontList
2015-01-08 16:59 - 2015-01-08 16:59 - 00000000 ____D () C:\Program Files (x86)\FontList
2015-01-08 16:58 - 2015-01-08 16:58 - 00583528 _____ () C:\Users\Anthony\Downloads\Hack Tool.exe
2015-01-08 16:56 - 2015-01-08 16:57 - 00478400 _____ () C:\Users\Anthony\Downloads\IOS Soft Dev Pack Downloader__3687_i1442721260_il1328663.exe
2015-01-08 16:53 - 2015-01-08 16:53 - 01351872 _____ () C:\Users\Anthony\Downloads\iOS Soft Dev Pack.exe
2015-01-08 15:42 - 2015-01-08 15:42 - 00000000 ____D () C:\Program Files (x86)\UUnisAlues
2015-01-08 15:41 - 2015-01-08 15:41 - 00000000 ____D () C:\ProgramData\oegbgbagpjgjedkbjckpnakdlcklophl
2015-01-08 15:41 - 2015-01-08 15:41 - 00000000 ____D () C:\ProgramData\13894028908374821943
2015-01-08 15:41 - 2015-01-08 15:41 - 00000000 ____D () C:\Program Files (x86)\unisallES
2015-01-08 15:40 - 2015-01-08 15:40 - 01350848 _____ () C:\Users\Anthony\Downloads\iCloud iEvader Setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 20:06 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-04 20:04 - 2014-11-11 22:12 - 01291295 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-04 20:03 - 2013-10-08 14:52 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3327030430-57195599-3507464872-1002
2015-02-04 20:02 - 2014-11-22 01:37 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CFEAC846-BF22-49E0-9351-246C5BEEEB99}
2015-02-04 20:02 - 2014-11-12 06:10 - 00000000 ___RD () C:\Users\Anthony\OneDrive
2015-02-04 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-03 08:43 - 2013-10-08 14:44 - 00000062 _____ () C:\Users\Anthony\AppData\Roaming\sp_data.sys
2015-02-03 08:42 - 2014-12-18 17:41 - 00003772 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-1.job
2015-02-03 08:42 - 2014-12-18 17:41 - 00002778 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-5_user.job
2015-02-03 08:42 - 2014-12-18 17:41 - 00002778 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-5.job
2015-02-03 08:42 - 2014-12-18 17:41 - 00002434 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-2.job
2015-02-03 08:42 - 2014-12-18 17:40 - 00005850 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-7.job
2015-02-03 08:42 - 2014-12-18 17:40 - 00005850 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-6.job
2015-02-03 08:42 - 2014-12-18 17:40 - 00001702 _____ () C:\WINDOWS\Tasks\SOETRDG.job
2015-02-03 08:42 - 2014-12-18 17:40 - 00000918 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-03 08:42 - 2013-12-25 14:25 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Adobe
2015-02-03 08:42 - 2013-10-12 16:45 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 23:45 - 2014-12-18 17:40 - 00000922 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-02 23:42 - 2014-12-18 17:41 - 00004320 _____ () C:\WINDOWS\System32\Tasks\RocketTab Update Task
2015-02-02 23:42 - 2014-12-18 17:41 - 00003534 _____ () C:\WINDOWS\System32\Tasks\RocketTab
2015-02-02 23:42 - 2014-12-18 17:40 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2015-02-02 23:34 - 2013-10-12 16:46 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 23:18 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-02 23:16 - 2013-10-08 15:23 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-02 23:14 - 2013-10-08 15:34 - 00000000 ___HD () C:\$AVG
2015-02-02 23:14 - 2013-10-08 15:34 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-02 23:14 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-02 22:54 - 2014-04-05 21:54 - 00000310 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2015-02-01 21:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-28 10:31 - 2013-08-22 09:46 - 00341742 _____ () C:\WINDOWS\setupact.log
2015-01-28 10:31 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 10:30 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-28 10:17 - 2014-12-18 17:40 - 00000000 ____D () C:\Program Files (x86)\Ge-Force
2015-01-28 10:14 - 2014-12-18 18:35 - 00000000 ____D () C:\Program Files (x86)\Security Updates Service
2015-01-27 13:39 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-24 15:20 - 2014-09-24 04:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2014-09-24 04:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 12:06 - 2014-12-10 16:43 - 00000000 ____D () C:\Users\Anthony\Desktop\Anthony
2015-01-15 00:43 - 2014-09-24 02:03 - 00010528 _____ () C:\WINDOWS\PFRO.log
2015-01-15 00:15 - 2013-12-14 22:02 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
2015-01-15 00:09 - 2013-12-14 22:02 - 00001084 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-14 15:17 - 2013-10-10 19:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 15:13 - 2013-10-10 19:09 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-08 20:03 - 2013-12-21 15:47 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\uTorrent
 
==================== Files in the root of some directories =======
 
2014-09-03 16:36 - 2014-09-03 16:36 - 0001248 _____ () C:\Users\Anthony\AppData\Roaming\SOETRDG
2013-10-08 14:44 - 2015-02-03 08:43 - 0000062 _____ () C:\Users\Anthony\AppData\Roaming\sp_data.sys
2014-04-05 21:54 - 2014-11-16 00:54 - 0000147 _____ () C:\Users\Anthony\AppData\Roaming\WB.CFG
2015-01-28 10:04 - 2015-01-28 10:04 - 0195856 _____ () C:\Users\Anthony\AppData\Local\ars.cache
2015-01-28 10:04 - 2015-01-28 10:04 - 0262836 _____ () C:\Users\Anthony\AppData\Local\census.cache
2015-01-28 09:45 - 2015-01-28 09:45 - 0000036 _____ () C:\Users\Anthony\AppData\Local\housecall.guid.cache
2015-01-28 09:54 - 2015-01-28 09:54 - 0000010 _____ () C:\Users\Anthony\AppData\Local\sponge.last.runtime.cache
2012-11-27 13:26 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 13:26 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 13:26 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Anthony\AppData\Local\Temp\2e1D7dEb56a5D.exe
C:\Users\Anthony\AppData\Local\Temp\B011C.exe
C:\Users\Anthony\AppData\Local\Temp\e6B5E9DE7C7.exe
C:\Users\Anthony\AppData\Local\Temp\insHv14.exe
C:\Users\Anthony\AppData\Local\Temp\jsonparser.dll
C:\Users\Anthony\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Anthony\AppData\Local\Temp\rt-update.exe
C:\Users\Anthony\AppData\Local\Temp\SPINT-G.exe
C:\Users\Anthony\AppData\Local\Temp\sqlite3.exe
C:\Users\Anthony\AppData\Local\Temp\sysad.exe
C:\Users\Anthony\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Anthony\AppData\Local\Temp\System.Data.SQLited306a3f2-87d9-48c1-8645-9ca5f410c75c.dll
C:\Users\Anthony\AppData\Local\Temp\tu17p84.exe
C:\Users\Anthony\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-01 21:10
 
==================== End Of Log ============================

This is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Anthony (administrator) on TONY on 04-02-2015 20:06:34
Running from C:\Users\Anthony\Desktop
Loaded Profiles: UpdatusUser & Anthony (Available profiles: UpdatusUser & Anthony)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Config.Msi\1c798397.rbf
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-23] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [644656 2013-08-17] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-29] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3327030430-57195599-3507464872-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65124;https=127.0.0.1:65124
ProxyEnable: [S-1-5-21-3327030430-57195599-3507464872-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3327030430-57195599-3507464872-1002] => http=127.0.0.1:58855;https=127.0.0.1:58855
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
HKU\S-1-5-21-3327030430-57195599-3507464872-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-3327030430-57195599-3507464872-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3327030430-57195599-3507464872-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
HKU\S-1-5-21-3327030430-57195599-3507464872-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
SearchScopes: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
SearchScopes: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F12AB41F-621B-4278-A7E1-5AE144E8E62C}&mid=d39d168a666a47d39dcebd389f982085-3bb80d987e4e03b64e04b8afa5fc76e02c573a2b&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-08 13:38:03&v=17.0.0.12&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20054&r=2015/01/08&hid=17741130954812382376&lg=EN&cc=CA&unqvl=74
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=en
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-12]
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]
CHR Extension: (ICE Quick Stream) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2014-06-20]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]
CHR Extension: (unisallES) - C:\ProgramData\oegbgbagpjgjedkbjckpnakdlcklophl\ [2014-04-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-18] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-18] (globalUpdate) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]
S4 Security Updates Service;  [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 20:06 - 2015-02-04 20:07 - 00023008 _____ () C:\Users\Anthony\Desktop\FRST.txt
2015-02-04 20:06 - 2015-02-04 20:06 - 00000000 ____D () C:\FRST
2015-02-04 20:04 - 2015-02-04 20:04 - 02131968 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2015-02-02 23:42 - 2015-02-02 23:42 - 00003766 _____ () C:\WINDOWS\System32\Tasks\RunTool
2015-02-02 23:42 - 2015-02-02 23:42 - 00000000 ____D () C:\Users\Anthony\AppData\Local\d306a3f2-87d9-48c1-8645-9ca5f410c75c
2015-02-02 23:17 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-02 22:47 - 2015-02-02 22:47 - 00000000 ____D () C:\zoek_backup
2015-01-28 10:13 - 2015-01-28 10:19 - 00236080 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2015-01-28 10:04 - 2015-01-28 10:04 - 00262836 _____ () C:\Users\Anthony\AppData\Local\census.cache
2015-01-28 10:04 - 2015-01-28 10:04 - 00195856 _____ () C:\Users\Anthony\AppData\Local\ars.cache
2015-01-28 09:54 - 2015-01-28 09:54 - 00000010 _____ () C:\Users\Anthony\AppData\Local\sponge.last.runtime.cache
2015-01-28 09:45 - 2015-01-28 09:45 - 02494944 _____ (Trend Micro Inc.) C:\Users\Anthony\Downloads\HousecallLauncher64.exe
2015-01-28 09:45 - 2015-01-28 09:45 - 00000036 _____ () C:\Users\Anthony\AppData\Local\housecall.guid.cache
2015-01-28 09:45 - 2013-09-27 21:56 - 00285208 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-01-28 09:40 - 2015-01-28 09:40 - 00002704 _____ () C:\Users\Anthony\Downloads\Peak Products - Bolton.vcf
2015-01-23 11:55 - 2015-01-23 11:55 - 00071250 _____ () C:\Users\Anthony\Downloads\Paystub from Industrial Temporary Solutions Inc (1).zip
2015-01-20 16:48 - 2015-02-02 22:45 - 00000000 ____D () C:\Users\Anthony\Desktop\Fam Pics
2015-01-16 01:27 - 2015-01-16 01:27 - 00071150 _____ () C:\Users\Anthony\Downloads\Paystub from Industrial Temporary Solutions Inc.zip
2015-01-15 00:07 - 2015-01-15 00:07 - 00000370 _____ () C:\Users\Anthony\Downloads\temp_file-[Blackish.S01E12.720p.HDTV.X264-DIMENSION.mkv][180upload].xspf
2015-01-15 00:03 - 2015-01-15 00:03 - 00588168 _____ () C:\Users\Anthony\Downloads\setup (2).exe
2015-01-14 15:11 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 15:11 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 15:11 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 15:11 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 15:11 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 15:11 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 15:11 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 15:11 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 15:11 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 15:11 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 15:11 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 15:11 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 15:11 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 15:11 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 15:11 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 15:11 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 15:11 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 15:11 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 15:11 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 15:11 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 15:11 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 23:58 - 2015-01-11 23:58 - 00021405 _____ () C:\Users\Anthony\Desktop\GETFILE_Super Mario World 2 - Yoshis Island (U) (M3) (V1.0) [!].zip
2015-01-11 23:52 - 2015-01-11 23:52 - 04943004 _____ () C:\Users\Anthony\Downloads\Snes9x GX 4.3.2.zip
2015-01-11 23:43 - 2015-01-11 23:44 - 02682192 _____ () C:\Users\Anthony\Downloads\Super Mario RPG - Legend of the Seven Stars (USA).zip
2015-01-11 23:41 - 2015-01-11 23:41 - 01335858 _____ () C:\Users\Anthony\Downloads\Super Mario All-Stars + Super Mario World (USA).zip
2015-01-11 20:53 - 2015-01-11 20:53 - 02836572 _____ () C:\Users\Anthony\Downloads\Super Street Fighter II - The New Challengers (E) [!].zip
2015-01-11 20:50 - 2015-01-11 20:50 - 02542754 _____ () C:\Users\Anthony\Downloads\Snes9x GX Channel Installer 1.2.zip
2015-01-11 20:40 - 2015-01-11 20:40 - 00077282 _____ () C:\Users\Anthony\Downloads\Super Mario Bros. 2 (USA).zip
2015-01-11 20:37 - 2015-01-11 20:37 - 00000000 ____D () C:\Users\Anthony\Desktop\fceugx
2015-01-11 20:36 - 2015-01-11 20:36 - 04582130 _____ () C:\Users\Anthony\Downloads\FCE Ultra GX 3.3.4.zip
2015-01-08 20:19 - 2015-01-08 20:19 - 00423109 _____ () C:\Users\Anthony\Downloads\PTT-20141214-WA0005.aac
2015-01-08 20:12 - 2015-01-08 23:26 - 593052680 _____ () C:\Users\Anthony\Downloads\SSQE01.rar
2015-01-08 19:56 - 2015-01-08 19:56 - 00012395 _____ () C:\Users\Anthony\Downloads\Mario_Party_9_[NTSC][Wii][Multi3].torrent
2015-01-08 19:47 - 2015-01-08 19:47 - 00026461 _____ () C:\Users\Anthony\Downloads\Wii-Mario.Party.8.USA.torrent
2015-01-08 19:47 - 2015-01-08 19:47 - 00000000 ____D () C:\Users\Anthony\AppData\Local\WBFSManager
2015-01-08 19:45 - 2015-01-23 12:05 - 00001018 _____ () C:\Users\Anthony\Desktop\WBFS Manager 3.0.lnk
2015-01-08 19:45 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Anthony\Documents\WBFS Manager Covers
2015-01-08 19:45 - 2015-01-08 19:45 - 02847970 _____ () C:\Users\Anthony\Downloads\WBFSManager3.0.1-RTW-x64.zip
2015-01-08 19:45 - 2015-01-08 19:45 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2015-01-08 19:45 - 2015-01-08 19:45 - 00000000 ____D () C:\Program Files\WBFS
2015-01-08 19:39 - 2015-01-08 19:39 - 00022076 _____ () C:\Users\Anthony\Downloads\Wii-Mario.Party.8.PAL.Multi5.torrent
2015-01-08 19:38 - 2015-01-08 19:38 - 02623374 _____ () C:\Users\Anthony\Downloads\WBFSManager3.0.1-RTW-x86.zip
2015-01-08 17:14 - 2015-01-08 17:14 - 13381768 _____ () C:\Users\Anthony\Downloads\doulCi™ Activator Official For Windows.rar
2015-01-08 17:12 - 2015-01-08 17:12 - 00478400 _____ () C:\Users\Anthony\Downloads\Extractor__8680_i1442734096_il58.exe
2015-01-08 17:00 - 2015-01-08 17:00 - 00137184 _____ () C:\Users\Anthony\Documents\Font List.html
2015-01-08 16:59 - 2015-01-08 16:59 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FontList
2015-01-08 16:59 - 2015-01-08 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontList
2015-01-08 16:59 - 2015-01-08 16:59 - 00000000 ____D () C:\Program Files (x86)\FontList
2015-01-08 16:58 - 2015-01-08 16:58 - 00583528 _____ () C:\Users\Anthony\Downloads\Hack Tool.exe
2015-01-08 16:56 - 2015-01-08 16:57 - 00478400 _____ () C:\Users\Anthony\Downloads\IOS Soft Dev Pack Downloader__3687_i1442721260_il1328663.exe
2015-01-08 16:53 - 2015-01-08 16:53 - 01351872 _____ () C:\Users\Anthony\Downloads\iOS Soft Dev Pack.exe
2015-01-08 15:42 - 2015-01-08 15:42 - 00000000 ____D () C:\Program Files (x86)\UUnisAlues
2015-01-08 15:41 - 2015-01-08 15:41 - 00000000 ____D () C:\ProgramData\oegbgbagpjgjedkbjckpnakdlcklophl
2015-01-08 15:41 - 2015-01-08 15:41 - 00000000 ____D () C:\ProgramData\13894028908374821943
2015-01-08 15:41 - 2015-01-08 15:41 - 00000000 ____D () C:\Program Files (x86)\unisallES
2015-01-08 15:40 - 2015-01-08 15:40 - 01350848 _____ () C:\Users\Anthony\Downloads\iCloud iEvader Setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 20:06 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-04 20:04 - 2014-11-11 22:12 - 01291295 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-04 20:03 - 2013-10-08 14:52 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3327030430-57195599-3507464872-1002
2015-02-04 20:02 - 2014-11-22 01:37 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CFEAC846-BF22-49E0-9351-246C5BEEEB99}
2015-02-04 20:02 - 2014-11-12 06:10 - 00000000 ___RD () C:\Users\Anthony\OneDrive
2015-02-04 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-03 08:43 - 2013-10-08 14:44 - 00000062 _____ () C:\Users\Anthony\AppData\Roaming\sp_data.sys
2015-02-03 08:42 - 2014-12-18 17:41 - 00003772 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-1.job
2015-02-03 08:42 - 2014-12-18 17:41 - 00002778 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-5_user.job
2015-02-03 08:42 - 2014-12-18 17:41 - 00002778 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-5.job
2015-02-03 08:42 - 2014-12-18 17:41 - 00002434 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-2.job
2015-02-03 08:42 - 2014-12-18 17:40 - 00005850 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-7.job
2015-02-03 08:42 - 2014-12-18 17:40 - 00005850 _____ () C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-6.job
2015-02-03 08:42 - 2014-12-18 17:40 - 00001702 _____ () C:\WINDOWS\Tasks\SOETRDG.job
2015-02-03 08:42 - 2014-12-18 17:40 - 00000918 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-03 08:42 - 2013-12-25 14:25 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Adobe
2015-02-03 08:42 - 2013-10-12 16:45 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 23:45 - 2014-12-18 17:40 - 00000922 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-02 23:42 - 2014-12-18 17:41 - 00004320 _____ () C:\WINDOWS\System32\Tasks\RocketTab Update Task
2015-02-02 23:42 - 2014-12-18 17:41 - 00003534 _____ () C:\WINDOWS\System32\Tasks\RocketTab
2015-02-02 23:42 - 2014-12-18 17:40 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2015-02-02 23:34 - 2013-10-12 16:46 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 23:18 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-02 23:16 - 2013-10-08 15:23 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-02 23:14 - 2013-10-08 15:34 - 00000000 ___HD () C:\$AVG
2015-02-02 23:14 - 2013-10-08 15:34 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-02 23:14 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-02 22:54 - 2014-04-05 21:54 - 00000310 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2015-02-01 21:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-28 10:31 - 2013-08-22 09:46 - 00341742 _____ () C:\WINDOWS\setupact.log
2015-01-28 10:31 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 10:30 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-28 10:17 - 2014-12-18 17:40 - 00000000 ____D () C:\Program Files (x86)\Ge-Force
2015-01-28 10:14 - 2014-12-18 18:35 - 00000000 ____D () C:\Program Files (x86)\Security Updates Service
2015-01-27 13:39 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-24 15:20 - 2014-09-24 04:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2014-09-24 04:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 12:06 - 2014-12-10 16:43 - 00000000 ____D () C:\Users\Anthony\Desktop\Anthony
2015-01-15 00:43 - 2014-09-24 02:03 - 00010528 _____ () C:\WINDOWS\PFRO.log
2015-01-15 00:15 - 2013-12-14 22:02 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
2015-01-15 00:09 - 2013-12-14 22:02 - 00001084 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-14 15:17 - 2013-10-10 19:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 15:13 - 2013-10-10 19:09 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-08 20:03 - 2013-12-21 15:47 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\uTorrent
 
==================== Files in the root of some directories =======
 
2014-09-03 16:36 - 2014-09-03 16:36 - 0001248 _____ () C:\Users\Anthony\AppData\Roaming\SOETRDG
2013-10-08 14:44 - 2015-02-03 08:43 - 0000062 _____ () C:\Users\Anthony\AppData\Roaming\sp_data.sys
2014-04-05 21:54 - 2014-11-16 00:54 - 0000147 _____ () C:\Users\Anthony\AppData\Roaming\WB.CFG
2015-01-28 10:04 - 2015-01-28 10:04 - 0195856 _____ () C:\Users\Anthony\AppData\Local\ars.cache
2015-01-28 10:04 - 2015-01-28 10:04 - 0262836 _____ () C:\Users\Anthony\AppData\Local\census.cache
2015-01-28 09:45 - 2015-01-28 09:45 - 0000036 _____ () C:\Users\Anthony\AppData\Local\housecall.guid.cache
2015-01-28 09:54 - 2015-01-28 09:54 - 0000010 _____ () C:\Users\Anthony\AppData\Local\sponge.last.runtime.cache
2012-11-27 13:26 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 13:26 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 13:26 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Anthony\AppData\Local\Temp\2e1D7dEb56a5D.exe
C:\Users\Anthony\AppData\Local\Temp\B011C.exe
C:\Users\Anthony\AppData\Local\Temp\e6B5E9DE7C7.exe
C:\Users\Anthony\AppData\Local\Temp\insHv14.exe
C:\Users\Anthony\AppData\Local\Temp\jsonparser.dll
C:\Users\Anthony\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Anthony\AppData\Local\Temp\rt-update.exe
C:\Users\Anthony\AppData\Local\Temp\SPINT-G.exe
C:\Users\Anthony\AppData\Local\Temp\sqlite3.exe
C:\Users\Anthony\AppData\Local\Temp\sysad.exe
C:\Users\Anthony\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Anthony\AppData\Local\Temp\System.Data.SQLited306a3f2-87d9-48c1-8645-9ca5f410c75c.dll
C:\Users\Anthony\AppData\Local\Temp\tu17p84.exe
C:\Users\Anthony\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-01 21:10
 
==================== End Of Log ============================


#4 Alcaseltzer


Posted 04 February 2015 - 08:15 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Anthony at 2015-02-04 20:07:37
Running from C:\Users\Anthony\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3327030430-57195599-3507464872-1002\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.6.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version:  - Canon Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Document.Editor 2013.26 (HKLM-x32\...\Document.Editor) (Version: 2013.26 - Semagsoft)
FlvPlayer (HKU\S-1-5-21-3327030430-57195599-3507464872-1002\...\FlvPlayer) (Version: ${VERSION} - ) <==== ATTENTION
Fontlist (HKLM-x32\...\Fontlist) (Version:  - Edwin Martin)
GadgetWide Cloud Control Service (HKLM-x32\...\{6147344A-2A3D-4CE0-9F09-E99CE1C45573}) (Version: 1.2.0.6 - GadgetWide)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ge-Force (HKLM-x32\...\Ge-Force) (Version: 1.35.12.18 - iWebar) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3327030430-57195599-3507464872-1002\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6829 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION!
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
UUnisAlues (HKLM-x32\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - ) <==== ATTENTION
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3327030430-57195599-3507464872-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3327030430-57195599-3507464872-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3327030430-57195599-3507464872-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3327030430-57195599-3507464872-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
02-01-2015 14:33:15 Scheduled Checkpoint
10-01-2015 21:30:03 Scheduled Checkpoint
14-01-2015 15:12:35 Windows Update
27-01-2015 13:38:05 Windows Update
02-02-2015 23:11:47 Removed AVG 2014
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01412520-C6A7-4B40-9F44-67755FE7005F} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-18] (globalUpdate) <==== ATTENTION
Task: {1FF32EC3-F48F-468A-B417-FC61E5BE7ED3} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {216320C4-557D-48A0-9035-23D57D9F6532} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {2EAE977E-8B50-43FF-B47A-9064BC5FB1A7} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {3398CDD7-0AEF-4D51-A0E8-8C12E8A19A4B} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2015-02-02] () <==== ATTENTION
Task: {3526736B-2EEC-45B7-8AE6-D31D772B05C7} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-18] (globalUpdate) <==== ATTENTION
Task: {3A493E09-04B1-48C0-B0DB-4FEEA2B6405C} - System32\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-7 => C:\Program Files (x86)\Ge-Force\a3b209d3-5c93-4d89-8a09-43484c29ddc3-7.exe <==== ATTENTION
Task: {487BFF9D-52D2-45D3-B0BB-071FC90F83AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.)
Task: {4B1A40FB-7550-455E-A7F4-99F8E518317B} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {5262A0C7-D521-4277-9C59-F0E558D9C46A} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {6288D920-C204-4357-994F-A87A86EEA9DC} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {7BD1E339-4695-43B9-A258-21BE73651959} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {81B853DF-6256-4580-8DA0-7D5DAA272103} - System32\Tasks\RunTool => C:\Users\Anthony\AppData\Local\d306a3f2-87d9-48c1-8645-9ca5f410c75c\sysad.exe [2015-02-04] ()
Task: {84F1F867-54CA-49B1-BEFB-A01D33C7E1FE} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {85010C73-15CB-4853-8596-70F72E809A28} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {8F13418E-E181-4F1E-907A-0CD6FCD94E09} - \a3b209d3-5c93-4d89-8a09-43484c29ddc3-2 No Task File <==== ATTENTION
Task: {95C7874E-191F-4B3D-AB24-F1C8972ACECA} - System32\Tasks\SOETRDG => C:\Users\Anthony\AppData\Roaming\SOETRDG.exe <==== ATTENTION
Task: {9E43A7A2-11B4-4C18-98B2-26CBEEEDCF1A} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {A0B788C8-65E9-4760-8518-74F2F54C1562} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-b__anthony@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {A39FC390-66FB-4119-A81F-B9FB8CD36097} - System32\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-1 => C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe <==== ATTENTION
Task: {A8C68E5E-C790-429F-A1E7-914B9E4D0762} - \a3b209d3-5c93-4d89-8a09-43484c29ddc3-6 No Task File <==== ATTENTION
Task: {AA935826-CDF9-46FA-BC96-57224B62DC12} - \a3b209d3-5c93-4d89-8a09-43484c29ddc3-5 No Task File <==== ATTENTION
Task: {ABB84081-B8BE-440E-B085-7B2F9BB609ED} - System32\Tasks\MySearchDial => C:\Users\Anthony\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {BEAE57F5-28E6-4B69-8FC7-F4E4FEE16A50} - \a3b209d3-5c93-4d89-8a09-43484c29ddc3-5_user No Task File <==== ATTENTION
Task: {C288D8FA-3776-4233-83EC-F126749BE6E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.)
Task: {C4B9AE90-C7F8-4DB1-9523-5D032BEEF398} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {FAAC0BB7-DCA3-4D66-8DA1-631B5F1A56E0} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {FFA147E1-E8DF-4908-B2F9-80613FDB6974} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-1.job => C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-2.job => C:\Program Files (x86)\Ge-Force\a3b209d3-5c93-4d89-8a09-43484c29ddc3-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-5.job => C:\Program Files (x86)\Ge-Force\a3b209d3-5c93-4d89-8a09-43484c29ddc3-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-5_user.job => C:\Program Files (x86)\Ge-Force\a3b209d3-5c93-4d89-8a09-43484c29ddc3-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-6.job => C:\Program Files (x86)\Ge-Force\a3b209d3-5c93-4d89-8a09-43484c29ddc3-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a3b209d3-5c93-4d89-8a09-43484c29ddc3-7.job => C:\Program Files (x86)\Ge-Force\a3b209d3-5c93-4d89-8a09-43484c29ddc3-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\Anthony\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\SOETRDG.job => C:\Users\Anthony\AppData\Roaming\SOETRDG.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2014-08-11 11:04 - 2014-08-11 11:04 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-11-11 22:12 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-29 19:15 - 2012-11-29 19:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-11-26 22:52 - 2014-11-26 22:52 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-02-02 23:42 - 2015-02-02 23:42 - 02610688 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-29 20:59 - 2012-09-29 20:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-29 21:01 - 2012-09-29 21:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-11 11:04 - 2014-08-11 11:04 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2013-05-08 20:12 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-10 16:35 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 16:35 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 16:35 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 16:35 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-12-10 16:35 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Anthony\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Anthony\Downloads\Reference so I can get back to work.eml:OECustomProperty
AlternateDataStreams: C:\Users\Anthony\Downloads\Return to work.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3327030430-57195599-3507464872-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3327030430-57195599-3507464872-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Anthony\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-3327030430-57195599-3507464872-1002\...\StartupApproved\Run: => "YTDownloader"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3327030430-57195599-3507464872-500 - Administrator - Disabled)
Anthony (S-1-5-21-3327030430-57195599-3507464872-1002 - Administrator - Enabled) => C:\Users\Anthony
Guest (S-1-5-21-3327030430-57195599-3507464872-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3327030430-57195599-3507464872-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Virtual Bluetooth Support
Description: Virtual Bluetooth Support
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/03/2015 00:46:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8906
 
Error: (02/03/2015 00:46:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8906
 
Error: (02/03/2015 00:46:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/03/2015 00:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6265
 
Error: (02/03/2015 00:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6265
 
Error: (02/03/2015 00:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/03/2015 00:46:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2062
 
Error: (02/03/2015 00:46:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2062
 
Error: (02/03/2015 00:46:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/02/2015 09:32:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1312
 
 
System errors:
=============
Error: (01/28/2015 10:33:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/28/2015 10:33:17 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/28/2015 10:13:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Security Updates Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/27/2015 01:38:05 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (01/21/2015 09:48:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (01/21/2015 09:48:28 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (01/21/2015 09:48:27 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (01/21/2015 09:48:26 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (01/21/2015 09:48:25 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (01/21/2015 09:48:24 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
 
Microsoft Office Sessions:
=========================
Error: (02/03/2015 00:46:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8906
 
Error: (02/03/2015 00:46:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8906
 
Error: (02/03/2015 00:46:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/03/2015 00:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6265
 
Error: (02/03/2015 00:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6265
 
Error: (02/03/2015 00:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/03/2015 00:46:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2062
 
Error: (02/03/2015 00:46:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2062
 
Error: (02/03/2015 00:46:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/02/2015 09:32:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1312
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 38%
Total physical RAM: 6029.54 MB
Available physical RAM: 3704.64 MB
Total Pagefile: 7373.54 MB
Available Pagefile: 4845.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:204.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:397.87 GB) (Free:397.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 337AEAFE)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,011 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:12 PM

Posted 05 February 2015 - 11:21 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#6 Alcaseltzer

Alcaseltzer
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:12 PM

Posted 06 February 2015 - 02:39 PM

Heyyy
 
So I did all the steps and am posting them right now. I do, however, notice a significant change in my browsing so far. UniSaaAAAlUes is finally gone.. I checked Add/Remove Programs and it's not there no more..
 
I hope this means it's absolutely gone forever?
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Anthony (administrator) on TONY on 06-02-2015 14:35:40
Running from C:\Users\Anthony\Desktop
Loaded Profiles: Anthony (Available profiles: UpdatusUser & Anthony)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-23] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [644656 2013-08-17] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65124;https=127.0.0.1:65124
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3327030430-57195599-3507464872-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=en
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-12]
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]
CHR Extension: (ICE Quick Stream) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2014-06-20]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
U0 ysay; C:\Windows\System32\drivers\tahojr.sys [79064 2015-02-06] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 14:30 - 2015-02-06 14:30 - 00000773 _____ () C:\Users\Anthony\Desktop\JRT.txt
2015-02-06 14:19 - 2015-02-06 14:19 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\tahojr.sys
2015-02-06 13:15 - 2015-02-06 13:21 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 13:13 - 2015-02-06 13:13 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 13:13 - 2015-02-06 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 13:12 - 2015-02-06 13:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 13:12 - 2015-02-06 13:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 13:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-06 13:12 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-06 13:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-05 16:27 - 2015-02-06 13:07 - 00000000 ____D () C:\AdwCleaner
2015-02-05 16:27 - 2015-02-05 16:27 - 01388274 _____ (Thisisu) C:\Users\Anthony\Desktop\JRT.exe
2015-02-05 16:25 - 2015-02-05 16:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anthony\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-05 16:24 - 2015-02-05 16:24 - 02194432 _____ () C:\Users\Anthony\Desktop\AdwCleaner.exe
2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Users\Anthony\Desktop\2015_02_04
2015-02-04 20:07 - 2015-02-04 20:08 - 00030855 _____ () C:\Users\Anthony\Desktop\Addition.txt
2015-02-04 20:06 - 2015-02-06 14:35 - 00018129 _____ () C:\Users\Anthony\Desktop\FRST.txt
2015-02-04 20:06 - 2015-02-06 14:35 - 00000000 ____D () C:\FRST
2015-02-04 20:04 - 2015-02-04 20:04 - 02131968 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2015-02-02 23:42 - 2015-02-02 23:42 - 00003766 _____ () C:\WINDOWS\System32\Tasks\RunTool
2015-02-02 23:42 - 2015-02-02 23:42 - 00000000 ____D () C:\Users\Anthony\AppData\Local\d306a3f2-87d9-48c1-8645-9ca5f410c75c
2015-02-02 23:17 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-02 22:47 - 2015-02-02 22:47 - 00000000 ____D () C:\zoek_backup
2015-01-28 10:13 - 2015-01-28 10:19 - 00236080 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2015-01-28 10:04 - 2015-01-28 10:04 - 00262836 _____ () C:\Users\Anthony\AppData\Local\census.cache
2015-01-28 10:04 - 2015-01-28 10:04 - 00195856 _____ () C:\Users\Anthony\AppData\Local\ars.cache
2015-01-28 09:54 - 2015-01-28 09:54 - 00000010 _____ () C:\Users\Anthony\AppData\Local\sponge.last.runtime.cache
2015-01-28 09:45 - 2015-01-28 09:45 - 02494944 _____ (Trend Micro Inc.) C:\Users\Anthony\Downloads\HousecallLauncher64.exe
2015-01-28 09:45 - 2015-01-28 09:45 - 00000036 _____ () C:\Users\Anthony\AppData\Local\housecall.guid.cache
2015-01-28 09:45 - 2013-09-27 21:56 - 00285208 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-01-28 09:40 - 2015-01-28 09:40 - 00002704 _____ () C:\Users\Anthony\Downloads\Peak Products - Bolton.vcf
2015-01-23 11:55 - 2015-01-23 11:55 - 00071250 _____ () C:\Users\Anthony\Downloads\Paystub from Industrial Temporary Solutions Inc (1).zip
2015-01-20 16:48 - 2015-02-02 22:45 - 00000000 ____D () C:\Users\Anthony\Desktop\Fam Pics
2015-01-16 01:27 - 2015-01-16 01:27 - 00071150 _____ () C:\Users\Anthony\Downloads\Paystub from Industrial Temporary Solutions Inc.zip
2015-01-15 00:07 - 2015-01-15 00:07 - 00000370 _____ () C:\Users\Anthony\Downloads\temp_file-[Blackish.S01E12.720p.HDTV.X264-DIMENSION.mkv][180upload].xspf
2015-01-14 15:11 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 15:11 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 15:11 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 15:11 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 15:11 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 15:11 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 15:11 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 15:11 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 15:11 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 15:11 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 15:11 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 15:11 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 15:11 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 15:11 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 15:11 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 15:11 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 15:11 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 15:11 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 15:11 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 15:11 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 15:11 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 23:58 - 2015-01-11 23:58 - 00021405 _____ () C:\Users\Anthony\Desktop\GETFILE_Super Mario World 2 - Yoshis Island (U) (M3) (V1.0) [!].zip
2015-01-11 23:52 - 2015-01-11 23:52 - 04943004 _____ () C:\Users\Anthony\Downloads\Snes9x GX 4.3.2.zip
2015-01-11 23:43 - 2015-01-11 23:44 - 02682192 _____ () C:\Users\Anthony\Downloads\Super Mario RPG - Legend of the Seven Stars (USA).zip
2015-01-11 23:41 - 2015-01-11 23:41 - 01335858 _____ () C:\Users\Anthony\Downloads\Super Mario All-Stars + Super Mario World (USA).zip
2015-01-11 20:53 - 2015-01-11 20:53 - 02836572 _____ () C:\Users\Anthony\Downloads\Super Street Fighter II - The New Challengers (E) [!].zip
2015-01-11 20:50 - 2015-01-11 20:50 - 02542754 _____ () C:\Users\Anthony\Downloads\Snes9x GX Channel Installer 1.2.zip
2015-01-11 20:40 - 2015-01-11 20:40 - 00077282 _____ () C:\Users\Anthony\Downloads\Super Mario Bros. 2 (USA).zip
2015-01-11 20:37 - 2015-01-11 20:37 - 00000000 ____D () C:\Users\Anthony\Desktop\fceugx
2015-01-11 20:36 - 2015-01-11 20:36 - 04582130 _____ () C:\Users\Anthony\Downloads\FCE Ultra GX 3.3.4.zip
2015-01-08 20:19 - 2015-01-08 20:19 - 00423109 _____ () C:\Users\Anthony\Downloads\PTT-20141214-WA0005.aac
2015-01-08 20:12 - 2015-01-08 23:26 - 593052680 _____ () C:\Users\Anthony\Downloads\SSQE01.rar
2015-01-08 19:56 - 2015-01-08 19:56 - 00012395 _____ () C:\Users\Anthony\Downloads\Mario_Party_9_[NTSC][Wii][Multi3].torrent
2015-01-08 19:47 - 2015-01-08 19:47 - 00026461 _____ () C:\Users\Anthony\Downloads\Wii-Mario.Party.8.USA.torrent
2015-01-08 19:47 - 2015-01-08 19:47 - 00000000 ____D () C:\Users\Anthony\AppData\Local\WBFSManager
2015-01-08 19:45 - 2015-01-23 12:05 - 00001018 _____ () C:\Users\Anthony\Desktop\WBFS Manager 3.0.lnk
2015-01-08 19:45 - 2015-01-08 19:49 - 00000000 ____D () C:\Users\Anthony\Documents\WBFS Manager Covers
2015-01-08 19:45 - 2015-01-08 19:45 - 02847970 _____ () C:\Users\Anthony\Downloads\WBFSManager3.0.1-RTW-x64.zip
2015-01-08 19:45 - 2015-01-08 19:45 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2015-01-08 19:45 - 2015-01-08 19:45 - 00000000 ____D () C:\Program Files\WBFS
2015-01-08 19:39 - 2015-01-08 19:39 - 00022076 _____ () C:\Users\Anthony\Downloads\Wii-Mario.Party.8.PAL.Multi5.torrent
2015-01-08 19:38 - 2015-01-08 19:38 - 02623374 _____ () C:\Users\Anthony\Downloads\WBFSManager3.0.1-RTW-x86.zip
2015-01-08 17:14 - 2015-01-08 17:14 - 13381768 _____ () C:\Users\Anthony\Downloads\doulCi™ Activator Official For Windows.rar
2015-01-08 17:00 - 2015-01-08 17:00 - 00137184 _____ () C:\Users\Anthony\Documents\Font List.html
2015-01-08 16:59 - 2015-01-08 16:59 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FontList
2015-01-08 16:59 - 2015-01-08 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontList
2015-01-08 16:59 - 2015-01-08 16:59 - 00000000 ____D () C:\Program Files (x86)\FontList
2015-01-08 16:53 - 2015-01-08 16:53 - 01351872 _____ () C:\Users\Anthony\Downloads\iOS Soft Dev Pack.exe
2015-01-08 15:40 - 2015-01-08 15:40 - 01350848 _____ () C:\Users\Anthony\Downloads\iCloud iEvader Setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 14:36 - 2014-11-11 22:12 - 01863153 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-06 14:34 - 2013-10-12 16:46 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 14:30 - 2013-10-08 14:52 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3327030430-57195599-3507464872-1002
2015-02-06 14:19 - 2014-12-18 17:40 - 00000000 ____D () C:\Program Files (x86)\d0fda995-5329-4ab0-ae1b-265477b5ee6f
2015-02-06 14:19 - 2014-12-17 16:26 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Angry_Birds_Space
2015-02-06 14:19 - 2014-12-16 23:42 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Angry_Birds_Halloween
2015-02-06 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-02-06 14:19 - 2013-05-08 20:09 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-06 14:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-06 13:56 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-06 13:11 - 2014-11-12 06:10 - 00000000 ____D () C:\Users\Anthony\OneDrive
2015-02-06 13:11 - 2013-10-08 14:44 - 00000062 _____ () C:\Users\Anthony\AppData\Roaming\sp_data.sys
2015-02-06 13:09 - 2014-12-18 17:40 - 00001702 _____ () C:\WINDOWS\Tasks\SOETRDG.job
2015-02-06 13:09 - 2013-12-25 14:25 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Adobe
2015-02-06 13:09 - 2013-10-12 16:45 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 13:08 - 2014-09-24 02:03 - 00027166 _____ () C:\WINDOWS\PFRO.log
2015-02-06 13:08 - 2013-10-08 15:34 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-06 13:08 - 2013-10-08 15:23 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-06 13:08 - 2013-08-22 09:46 - 00341819 _____ () C:\WINDOWS\setupact.log
2015-02-06 13:08 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-06 13:07 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-06 13:05 - 2014-11-22 01:37 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CFEAC846-BF22-49E0-9351-246C5BEEEB99}
2015-02-06 13:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-04 20:06 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-03 14:31 - 2014-09-24 04:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-09-24 04:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 23:18 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-02 23:14 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-23 12:06 - 2014-12-10 16:43 - 00000000 ____D () C:\Users\Anthony\Desktop\Anthony
2015-01-15 00:15 - 2013-12-14 22:02 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
2015-01-15 00:09 - 2013-12-14 22:02 - 00001084 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-14 15:17 - 2013-10-10 19:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 15:13 - 2013-10-10 19:09 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-08 20:03 - 2013-12-21 15:47 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\uTorrent
 
==================== Files in the root of some directories =======
 
2014-09-03 16:36 - 2014-09-03 16:36 - 0001248 _____ () C:\Users\Anthony\AppData\Roaming\SOETRDG
2013-10-08 14:44 - 2015-02-06 13:11 - 0000062 _____ () C:\Users\Anthony\AppData\Roaming\sp_data.sys
2014-04-05 21:54 - 2014-11-16 00:54 - 0000147 _____ () C:\Users\Anthony\AppData\Roaming\WB.CFG
2015-01-28 10:04 - 2015-01-28 10:04 - 0195856 _____ () C:\Users\Anthony\AppData\Local\ars.cache
2015-01-28 10:04 - 2015-01-28 10:04 - 0262836 _____ () C:\Users\Anthony\AppData\Local\census.cache
2015-01-28 09:45 - 2015-01-28 09:45 - 0000036 _____ () C:\Users\Anthony\AppData\Local\housecall.guid.cache
2015-01-28 09:54 - 2015-01-28 09:54 - 0000010 _____ () C:\Users\Anthony\AppData\Local\sponge.last.runtime.cache
2012-11-27 13:26 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 13:26 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 13:26 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Anthony\AppData\Local\Temp\2e1D7dEb56a5D.exe
C:\Users\Anthony\AppData\Local\Temp\B011C.exe
C:\Users\Anthony\AppData\Local\Temp\e6B5E9DE7C7.exe
C:\Users\Anthony\AppData\Local\Temp\insHv14.exe
C:\Users\Anthony\AppData\Local\Temp\jsonparser.dll
C:\Users\Anthony\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Anthony\AppData\Local\Temp\rt-update.exe
C:\Users\Anthony\AppData\Local\Temp\sqlite3.dll
C:\Users\Anthony\AppData\Local\Temp\sqlite3.exe
C:\Users\Anthony\AppData\Local\Temp\sysad.exe
C:\Users\Anthony\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Anthony\AppData\Local\Temp\System.Data.SQLited306a3f2-87d9-48c1-8645-9ca5f410c75c.dll
C:\Users\Anthony\AppData\Local\Temp\tu17p84.exe
C:\Users\Anthony\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-06 13:48
 
==================== End Of Log ============================




#7 Machiavelli


Posted 07 February 2015 - 08:19 AM

Can you please post the logs into the thread rather than attaching them? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#8 Machiavelli


Posted 11 February 2015 - 07:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#9 Machiavelli


Posted 11 February 2015 - 11:09 AM

User returned.

~Machiavelli



#10 Alcaseltzer

  • Topic Starter

Posted 12 February 2015 - 08:38 AM

Testing



#11 Alcaseltzer

  • Topic Starter

Posted 12 February 2015 - 08:45 AM

Ok so I am having some serious issues right now.

I am trying to copy and paste the first log "AdwCleaner[SO]" into this post.

I can very well do that, but the moment I click "Post" a popup box states I do not have permission to do so.

So now I'm in a pickle.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Anthony (administrator) on TONY on 09-02-2015 14:46:32
Running from C:\Users\Anthony\Desktop
Loaded Profiles: Anthony &  (Available profiles: UpdatusUser & Anthony)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-23] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [644656 2013-08-17] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3327030430-57195599-3507464872-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65124;https=127.0.0.1:65124
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3327030430-57195599-3507464872-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-3327030430-57195599-3507464872-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3327030430-57195599-3507464872-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3327030430-57195599-3507464872-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3327030430-57195599-3507464872-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-3327030430-57195599-3507464872-1002 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-3327030430-57195599-3507464872-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=en
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-12]
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]
CHR Extension: (ICE Quick Stream) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2014-06-20]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 14:46 - 2015-02-09 14:46 - 00000000 ____D () C:\Users\Anthony\Desktop\FRST-OlderVersion
2015-02-09 14:41 - 2015-02-09 14:42 - 00067694 _____ () C:\Users\Anthony\Desktop\Quarantine.txt
2015-02-06 15:26 - 2015-02-06 15:48 - 988125097 _____ () C:\Users\Anthony\Desktop\Annabell 2014.mp4
2015-02-06 14:30 - 2015-02-06 14:30 - 00000773 _____ () C:\Users\Anthony\Desktop\JRT.txt
2015-02-06 13:15 - 2015-02-09 14:38 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 13:13 - 2015-02-06 13:13 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 13:13 - 2015-02-06 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 13:12 - 2015-02-06 13:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 13:12 - 2015-02-06 13:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 13:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-06 13:12 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-06 13:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-05 16:27 - 2015-02-06 13:07 - 00000000 ____D () C:\AdwCleaner
2015-02-05 16:27 - 2015-02-05 16:27 - 01388274 _____ (Thisisu) C:\Users\Anthony\Desktop\JRT.exe
2015-02-05 16:25 - 2015-02-05 16:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anthony\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-05 16:24 - 2015-02-05 16:24 - 02194432 _____ () C:\Users\Anthony\Desktop\AdwCleaner.exe
2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Users\Anthony\Desktop\2015_02_04
2015-02-04 20:07 - 2015-02-04 20:08 - 00030855 _____ () C:\Users\Anthony\Desktop\Addition.txt
2015-02-04 20:06 - 2015-02-09 14:46 - 00020102 _____ () C:\Users\Anthony\Desktop\FRST.txt
2015-02-04 20:06 - 2015-02-09 14:46 - 00000000 ____D () C:\FRST
2015-02-04 20:04 - 2015-02-09 14:46 - 02132992 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2015-02-02 23:42 - 2015-02-02 23:42 - 00003766 _____ () C:\WINDOWS\System32\Tasks\RunTool
2015-02-02 23:42 - 2015-02-02 23:42 - 00000000 ____D () C:\Users\Anthony\AppData\Local\d306a3f2-87d9-48c1-8645-9ca5f410c75c
2015-02-02 23:17 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-02 22:47 - 2015-02-02 22:47 - 00000000 ____D () C:\zoek_backup
2015-01-28 10:13 - 2015-01-28 10:19 - 00236080 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2015-01-28 10:04 - 2015-01-28 10:04 - 00262836 _____ () C:\Users\Anthony\AppData\Local\census.cache
2015-01-28 10:04 - 2015-01-28 10:04 - 00195856 _____ () C:\Users\Anthony\AppData\Local\ars.cache
2015-01-28 09:54 - 2015-01-28 09:54 - 00000010 _____ () C:\Users\Anthony\AppData\Local\sponge.last.runtime.cache
2015-01-28 09:45 - 2015-01-28 09:45 - 02494944 _____ (Trend Micro Inc.) C:\Users\Anthony\Downloads\HousecallLauncher64.exe
2015-01-28 09:45 - 2015-01-28 09:45 - 00000036 _____ () C:\Users\Anthony\AppData\Local\housecall.guid.cache
2015-01-28 09:45 - 2013-09-27 21:56 - 00285208 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-01-28 09:40 - 2015-01-28 09:40 - 00002704 _____ () C:\Users\Anthony\Downloads\Peak Products - Bolton.vcf
2015-01-23 11:55 - 2015-01-23 11:55 - 00071250 _____ () C:\Users\Anthony\Downloads\Paystub from Industrial Temporary Solutions Inc (1).zip
2015-01-20 16:48 - 2015-02-02 22:45 - 00000000 ____D () C:\Users\Anthony\Desktop\Fam Pics
2015-01-16 01:27 - 2015-01-16 01:27 - 00071150 _____ () C:\Users\Anthony\Downloads\Paystub from Industrial Temporary Solutions Inc.zip
2015-01-15 00:07 - 2015-01-15 00:07 - 00000370 _____ () C:\Users\Anthony\Downloads\temp_file-[Blackish.S01E12.720p.HDTV.X264-DIMENSION.mkv][180upload].xspf
2015-01-14 15:11 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 15:11 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 15:11 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 15:11 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 15:11 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 15:11 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 15:11 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 15:11 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 15:11 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 15:11 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 15:11 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 15:11 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 15:11 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 15:11 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 15:11 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 15:11 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 15:11 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 15:11 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 15:11 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 15:11 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 15:11 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 15:11 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 15:11 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 23:58 - 2015-01-11 23:58 - 00021405 _____ () C:\Users\Anthony\Desktop\GETFILE_Super Mario World 2 - Yoshis Island (U) (M3) (V1.0) [!].zip
2015-01-11 23:52 - 2015-01-11 23:52 - 04943004 _____ () C:\Users\Anthony\Downloads\Snes9x GX 4.3.2.zip
2015-01-11 23:43 - 2015-01-11 23:44 - 02682192 _____ () C:\Users\Anthony\Downloads\Super Mario RPG - Legend of the Seven Stars (USA).zip
2015-01-11 23:41 - 2015-01-11 23:41 - 01335858 _____ () C:\Users\Anthony\Downloads\Super Mario All-Stars + Super Mario World (USA).zip
2015-01-11 20:53 - 2015-01-11 20:53 - 02836572 _____ () C:\Users\Anthony\Downloads\Super Street Fighter II - The New Challengers (E) [!].zip
2015-01-11 20:50 - 2015-01-11 20:50 - 02542754 _____ () C:\Users\Anthony\Downloads\Snes9x GX Channel Installer 1.2.zip
2015-01-11 20:40 - 2015-01-11 20:40 - 00077282 _____ () C:\Users\Anthony\Downloads\Super Mario Bros. 2 (USA).zip
2015-01-11 20:37 - 2015-01-11 20:37 - 00000000 ____D () C:\Users\Anthony\Desktop\fceugx
2015-01-11 20:36 - 2015-01-11 20:36 - 04582130 _____ () C:\Users\Anthony\Downloads\FCE Ultra GX 3.3.4.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 14:46 - 2013-12-25 14:25 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Adobe
2015-02-09 14:45 - 2014-11-22 01:37 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CFEAC846-BF22-49E0-9351-246C5BEEEB99}
2015-02-09 14:44 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-09 14:38 - 2014-11-11 22:12 - 01966210 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-09 14:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-06 21:34 - 2013-10-12 16:46 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 21:33 - 2013-10-12 16:45 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 15:25 - 2014-12-18 17:40 - 00001702 _____ () C:\WINDOWS\Tasks\SOETRDG.job
2015-02-06 15:25 - 2014-11-12 06:10 - 00000000 ___RD () C:\Users\Anthony\OneDrive
2015-02-06 15:25 - 2013-10-08 14:44 - 00000062 _____ () C:\Users\Anthony\AppData\Roaming\sp_data.sys
2015-02-06 15:21 - 2014-09-24 02:03 - 00046124 _____ () C:\WINDOWS\PFRO.log
2015-02-06 15:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-02-06 15:21 - 2013-08-22 09:46 - 00341896 _____ () C:\WINDOWS\setupact.log
2015-02-06 15:21 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-06 15:21 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-06 14:44 - 2013-10-08 14:52 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3327030430-57195599-3507464872-1002
2015-02-06 14:19 - 2014-12-18 17:40 - 00000000 ____D () C:\Program Files (x86)\d0fda995-5329-4ab0-ae1b-265477b5ee6f
2015-02-06 14:19 - 2014-12-17 16:26 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Angry_Birds_Space
2015-02-06 14:19 - 2014-12-16 23:42 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Angry_Birds_Halloween
2015-02-06 14:19 - 2013-05-08 20:09 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-06 13:56 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-06 13:08 - 2013-10-08 15:34 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-06 13:08 - 2013-10-08 15:23 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-04 20:06 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-03 14:31 - 2014-09-24 04:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-09-24 04:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 23:18 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-02 23:14 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-23 12:06 - 2014-12-10 16:43 - 00000000 ____D () C:\Users\Anthony\Desktop\Anthony
2015-01-23 12:05 - 2015-01-08 19:45 - 00001018 _____ () C:\Users\Anthony\Desktop\WBFS Manager 3.0.lnk
2015-01-15 00:15 - 2013-12-14 22:02 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
2015-01-15 00:09 - 2013-12-14 22:02 - 00001084 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-14 15:17 - 2013-10-10 19:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 15:13 - 2013-10-10 19:09 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-09-03 16:36 - 2014-09-03 16:36 - 0001248 _____ () C:\Users\Anthony\AppData\Roaming\SOETRDG
2013-10-08 14:44 - 2015-02-06 15:25 - 0000062 _____ () C:\Users\Anthony\AppData\Roaming\sp_data.sys
2014-04-05 21:54 - 2014-11-16 00:54 - 0000147 _____ () C:\Users\Anthony\AppData\Roaming\WB.CFG
2015-01-28 10:04 - 2015-01-28 10:04 - 0195856 _____ () C:\Users\Anthony\AppData\Local\ars.cache
2015-01-28 10:04 - 2015-01-28 10:04 - 0262836 _____ () C:\Users\Anthony\AppData\Local\census.cache
2015-01-28 09:45 - 2015-01-28 09:45 - 0000036 _____ () C:\Users\Anthony\AppData\Local\housecall.guid.cache
2015-01-28 09:54 - 2015-01-28 09:54 - 0000010 _____ () C:\Users\Anthony\AppData\Local\sponge.last.runtime.cache
2012-11-27 13:26 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 13:26 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 13:26 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Anthony\AppData\Local\Temp\2e1D7dEb56a5D.exe
C:\Users\Anthony\AppData\Local\Temp\B011C.exe
C:\Users\Anthony\AppData\Local\Temp\e6B5E9DE7C7.exe
C:\Users\Anthony\AppData\Local\Temp\insHv14.exe
C:\Users\Anthony\AppData\Local\Temp\jsonparser.dll
C:\Users\Anthony\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Anthony\AppData\Local\Temp\rt-update.exe
C:\Users\Anthony\AppData\Local\Temp\sqlite3.dll
C:\Users\Anthony\AppData\Local\Temp\sqlite3.exe
C:\Users\Anthony\AppData\Local\Temp\sysad.exe
C:\Users\Anthony\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Anthony\AppData\Local\Temp\System.Data.SQLited306a3f2-87d9-48c1-8645-9ca5f410c75c.dll
C:\Users\Anthony\AppData\Local\Temp\tu17p84.exe
C:\Users\Anthony\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-06 15:44
 
==================== End Of Log ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/6/2015
Scan Time: 1:21:02 PM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.06.07
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Anthony

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383595
Time Elapsed: 55 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\Ge-Force, Quarantined, [14fec456b4d6d660849d82834cb97b85],
PUP.Optional.GeForce.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, Quarantined, [60b24ccea0eadf57041fdf26996cb050],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3327030430-57195599-3507464872-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SearchProtectIN4T, Quarantined, [060c0b0fc5c5eb4b57a98487e61f8b75],
PUP.Optional.GeForce.A, HKU\S-1-5-21-3327030430-57195599-3507464872-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, Quarantined, [3fd3a872e6a4ec4ab073fe0709fc41bf],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [759d27f3028890a63a47c4a20cf7916f],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [759d27f3028890a63a47c4a20cf7916f],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130, Quarantined, [759d27f3028890a63a47c4a20cf7916f],
PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],
PUP.Optional.Yappyz.A, C:\Users\Anthony\AppData\Local\YappyzUninstall, Quarantined, [6ca6a278a0eaea4c5d640973c73c16ea],

Files: 65
PUP.Optional.Yappyz.A, C:\Users\Anthony\AppData\Roaming\Angry_Birds_Halloween\Angry_Birds_Halloween.exe, Quarantined, [fb17af6bf39760d639a3bf3c21e036ca],
PUP.Optional.Yappyz.A, C:\Users\Anthony\AppData\Roaming\Angry_Birds_Space\Angry_Birds_Space.exe, Quarantined, [26ec0f0b6624fc3a627a708bcf327888],
PUP.Optional.Nova.A, C:\Program Files (x86)\AGEIA Technologies\4012ec44-ca76-45b5-bc7a-b6a04e16c3ef.dll, Quarantined, [0210f228bfcb350137121de9dd257888],
PUP.Optional.Nova.A, C:\Program Files (x86)\d0fda995-5329-4ab0-ae1b-265477b5ee6f\e997b4ef-7d84-41b8-a405-2e9ebec99152.dll, Quarantined, [ee24fd1deb9fe74f400930d649b930d0],
PUP.Optional.Bundle, C:\$Recycle.Bin\S-1-5-21-3327030430-57195599-3507464872-1002\$R4SB7E1.exe, Quarantined, [22f078a2cfbb76c01a76d437ce3432ce],
PUP.Optional.SearchProtect.A, C:\Users\Anthony\AppData\Local\Temp\SPINT-G.exe, Quarantined, [20f229f14c3ecb6be1e18f18966b56aa],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\Quarantine.exe, Quarantined, [68aa51c9bdcd1323354162bad72bb24e],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHU.tmp\CEONWLyANyu1PN.exe, Quarantined, [23ef60ba99f171c5f2f3ff053bc76d93],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHUm.tmp\CEONWLyANyu1PN.exe, Quarantined, [28ea4ad00b7f86b0b33255afd32f8080],
PUP.Optional.CrossRider.A, C:\Users\Anthony\AppData\Local\Temp\Install_32509\ins_geforce.exe, Quarantined, [868c7f9b6426270f825a10d644bd649c],
PUP.Optional.CrossRider.A, C:\Users\Anthony\AppData\Local\Temp\Install_32509\ins_sense.exe, Quarantined, [16fcf02aa2e82b0b8b5108de21e035cb],
PUP.Optional.MultiPlug.A, C:\Users\Anthony\AppData\Local\Temp\Fb9fE1f7C9A\temp\hpds_setup.exe, Quarantined, [16fcd34702889a9c1c7a9d92ab571de3],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHUme.tmp\CEONWLyANyu1PN.exe, Quarantined, [af634ccecbbff5419d4808fcfc06e020],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHUmea.tmp\CEONWLyANyu1PN.exe, Quarantined, [ec261604dbaf979f737213f12cd6c43c],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHUmeay.tmp\CEONWLyANyu1PN.exe, Quarantined, [ca4866b4cebc4ee8d411cb390bf7bb45],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHUmeayl.tmp\CEONWLyANyu1PN.exe, Quarantined, [b35fdb3f1a703303667fbd4717eb31cf],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHUmeayln.tmp\CEONWLyANyu1PN.exe, Quarantined, [9181c65425652f0792539e6637cb14ec],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHUmeaylnl.tmp\CEONWLyANyu1PN.exe, Quarantined, [49c9a872b9d154e253925aaa05fd52ae],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHUmeaylnlf.tmp\CEONWLyANyu1PN.exe, Quarantined, [dd3546d4711936009253986cbb47a35d],
Trojan.Agent, C:\Users\Anthony\AppData\Local\Temp\PHQGHUmeaylnlfd.tmp\CEONWLyANyu1PN.exe, Quarantined, [5eb46cae494169cd5095a0646d95d927],
PUP.Optional.WeCan.A, C:\Users\Anthony\Downloads\PDFCreatorInstaller.exe, Quarantined, [60b278a27d0db680998c7b2659ace818],
PUP.Optional.Bundle, C:\Users\Anthony\Downloads\Extractor__8680_i1442734096_il58.exe, Quarantined, [8a8851c90c7e46f09cf4eb20ad557e82],
PUP.Optional.InstallCore.A, C:\Users\Anthony\Downloads\FlvPlayerSetup (1).exe, Quarantined, [53bfc7531d6d0c2adb23937e5da5c937],
PUP.Optional.LiveSoftAction, C:\Users\Anthony\Downloads\Angry Birds Space provided through Ads Med Network CPA (1).exe, Quarantined, [dc36b169e3a706304b45c4233bca59a7],
PUP.Optional.LiveSoftAction, C:\Users\Anthony\Downloads\Angry Birds Halloween provided through Ads Med Network CPA (1).exe, Quarantined, [2fe3ee2c7b0fcf675a361dca24e146ba],
PUP.Optional.LiveSoftAction, C:\Users\Anthony\Downloads\Angry Birds Halloween provided through Ads Med Network CPA (2).exe, Quarantined, [f9199c7e3a5006305d33b92e37ce58a8],
PUP.Optional.LiveSoftAction, C:\Users\Anthony\Downloads\Angry Birds Halloween provided through Ads Med Network CPA.exe, Quarantined, [a072a6749af0be787917826533d204fc],
PUP.Optional.OutBrowse.gen, C:\Users\Anthony\Downloads\setup (2).exe, Quarantined, [0d050416cebc2b0b673aee26b052c63a],
PUP.Optional.OptimumInstaller.A, C:\Users\Anthony\Downloads\Setup.exe, Quarantined, [c74b81990f7b9e98d8e8027113eed828],
PUP.Optional.WeCan.A, C:\Users\Anthony\Downloads\MediaPlayerClassicInstaller.exe, Quarantined, [15fd4ccef496bb7b39ec049db25343bd],
PUP.Optional.ClientConnect, C:\Users\Anthony\Downloads\Minecraft_TSV64PDT7.exe, Quarantined, [a66cd2488604f3432ce4115322de738d],
PUP.Optional.OutBrowse, C:\Users\Anthony\Downloads\Installation.exe, Quarantined, [c250d9412f5b2d09077cc939649e10f0],
PUP.Optional.Bundle, C:\Users\Anthony\Downloads\IOS Soft Dev Pack Downloader__3687_i1442721260_il1328663.exe, Quarantined, [51c18496206a171feea253b87e84b050],
Trojan.Agent.FSAVXGen, C:\Users\Anthony\Downloads\video.hd_72192.zip, Quarantined, [070bc2588dfd51e50730cdd2b64b7d83],
PUP.Optional.WeCan.A, C:\Users\Anthony\Downloads\GimpInstaller (1).exe, Quarantined, [8d850b0f9eecb2848f96b8e94fb6916f],
PUP.Optional.WeCan.A, C:\Users\Anthony\Downloads\GimpInstaller.exe, Quarantined, [ff13e7330d7dfd3901241b869e67d828],
PUP.Optional.OutBrowse, C:\Users\Anthony\Downloads\Hack Tool.exe, Quarantined, [d0423ae0c5c52f07d31b8883877be719],
PUP.Optional.Amonetize, C:\Users\Anthony\Downloads\ICLOUD ACTIVATION BYPASS Downloader__3687_i1425241658_il444257.exe, Quarantined, [dd35ff1b8cfec373b1bc8978ed1529d7],
PUP.Optional.Amonetize, C:\Users\Anthony\Downloads\ICLOUD ACTIVATION BYPASS Downloader__3687_i1425241762_il444309.exe, Quarantined, [b260c2586723e551b1bc27da847e25db],
PUP.Optional.LiveSoftAction, C:\Users\Anthony\Downloads\Angry Birds Space provided through Ads Med Network CPA.exe, Quarantined, [c74b36e4d9b1ce68e9a7f4f3c83dee12],
PUP.Optional.DownloadAssistant, C:\Users\Anthony\Downloads\wrar511.exe, Quarantined, [e929c7530585f244612313dba958619f],
PUP.Optional.WeCan.A, C:\Users\Anthony\Downloads\XvidInstaller.exe, Quarantined, [e62c39e1f397d5611b0a49585aab51af],
PUP.Optional.Yappyz.A, C:\Users\Anthony\AppData\Local\YappyzUninstall\YappyzUninstall.exe, Quarantined, [6aa8a67423677db98656b843a45d748c],
PUP.Optional.TheSearchPage.A, C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.thesearchpage.info_0.localstorage, Quarantined, [d83a9585a7e33303c194760ff31034cc],
PUP.Optional.TheSearchPage.A, C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.thesearchpage.info_0.localstorage-journal, Quarantined, [9f73f129e1a91a1cbe976124df24be42],
PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\GoogleCrashHandler.exe, Quarantined, [759d27f3028890a63a47c4a20cf7916f],
PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\GoogleUpdate.exe, Quarantined, [759d27f3028890a63a47c4a20cf7916f],
PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\GoogleUpdateBroker.exe, Quarantined, [759d27f3028890a63a47c4a20cf7916f],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\GoogleUpdateHelper.msi, Quarantined, [759d27f3028890a63a47c4a20cf7916f],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\GoogleUpdateOnDemand.exe, Quarantined, [759d27f3028890a63a47c4a20cf7916f],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\goopdate.dll, Quarantined, [759d27f3028890a63a47c4a20cf7916f],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\goopdateres_en.dll, Quarantined, [759d27f3028890a63a47c4a20cf7916f],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\npGoogleUpdate4.dll, Quarantined, [759d27f3028890a63a47c4a20cf7916f],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\psmachine.dll, Quarantined, [759d27f3028890a63a47c4a20cf7916f],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.292130\psuser.dll, Quarantined, [759d27f3028890a63a47c4a20cf7916f],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\GoogleCrashHandler.exe, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\GoogleUpdate.exe, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\GoogleUpdateBroker.exe, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\GoogleUpdateHelper.msi, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\GoogleUpdateOnDemand.exe, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\goopdate.dll, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\goopdateres_en.dll, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\npGoogleUpdate4.dll, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\psmachine.dll, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

PUP.Optional.GlobalUpdate.A, C:\Users\Anthony\AppData\Local\Temp\comh.45174\psuser.dll, Quarantined, [8e84e337305a66d0344d5c0a31d2b24e],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)



#12 Alcaseltzer


Posted 12 February 2015 - 08:48 AM

Just redoing the JRT scan... I'm not too sure why I am able to copy and paste all the logs except for the AdwCleaner.



#13 Alcaseltzer


Posted 12 February 2015 - 12:55 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Anthony on Thu 02/12/2015 at  8:47:50.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/12/2015 at  8:55:44.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#14 Machiavelli


Posted 12 February 2015 - 01:28 PM

Then attach the AdwCleaner log. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#15 Alcaseltzer


Posted 13 February 2015 - 01:48 PM

Here you go good sir

Attached Files





