
Various programs/adware re-installing periodically



#1 Kitty-Nin


Posted 22 April 2015 - 08:52 AM

I was working with boopme on this issue at this thread here. 

 

Here are my FRST Logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by Alex (administrator) on SEASHELL on 22-04-2015 09:45:20
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available profiles: Alex & Guest)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
() C:\Windows\System32\AsusService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corporation) C:\Program Files\Windows Network Accelerater\v5\winvxm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
() C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\jnsuD229.tmp
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
() C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files\Asus\CapsHook\CapsHook.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Dropbox, Inc.) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Ipswitch) C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
() C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\nso55A1.tmp
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1086888 2010-11-22] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] => C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe [689488 2010-06-07] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [116008 2010-03-19] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-13] ()
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-02-15] (ASUSTek Computer Inc.)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [ASUSWebStorage] => C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [gmsd_us_458] => [X]
HKLM\...\RunOnce: [Update] => C:\Users\Alex\AppData\Roaming\ASPackage\ASPackage.exe /runonce
Winlogon\Notify\igfxcui: C:\windows\SYSTEM32\igfxdev.dll [2011-04-11] (Intel Corporation)
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Alex\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 3cb5279cb1ef47d39a1d2524425307cf-1d5e5059c0a9d8438fd2dfc825036989dbabcfef --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\...\Run: [GoogleChromeAutoLaunch_AD2529C7DB5B63D28C23362385276129] => C:\Program Files\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\...\MountPoints2: {2190503b-cc61-11e2-8016-f46d04b7ee3c} - F:\WIN\setup.exe -ap
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\...\MountPoints2: {cccd7a2c-72ec-11e1-bbc0-f46d04b7ee3c} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2014-06-25]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110921&iesrc={referrer:source}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21] (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-21] (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{C9E18F1F-A761-454C-9F97-E38D2BBB6950}: [NameServer] 172.26.38.1 172.26.38.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll [2012-03-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
 
Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.trovi.com/?gd=&ctid=CT3334623&octid=EB_ORIGINAL_CTID&ISID=M91D92E56-C28E-4812-8A3F-0D8EB9B3CC96&SearchSource=55&CUI=&UM=8&UP=SP372C355F-2686-4C05-8EDD-9AD59320A413&D=032815&SSPV=
CHR DefaultSuggestURL: Profile 2 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-02-19]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-21]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-19]
CHR Extension: (¡ÅççéñţšPłüş!) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\godmhnikpeldmnmbflampdenbkbcnnml [2014-08-05]
CHR Extension: (Dictionary Instant) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol [2014-02-11]
CHR Extension: (Disconnect) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-03-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Into The Mist) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2014-02-19]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Hover Zoom) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-02-19]
CHR Extension: (Thesaurus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddaeeclcbikcegjhhgocgkakehngcem [2014-02-11]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Easy Auto Refresh) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2015-03-25]
CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]
CHR Extension: (uBlock Origin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-04-16]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-25]
CHR Extension: (BetaFish Adblocker) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-27]
CHR Extension: (Bookmark Manager) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Dictionary Instant) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hngaklbjlbjhmoilkegninbmpfigheol [2015-03-25]
CHR Extension: (Disconnect) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-03-25]
CHR Extension: (The Great Suspender) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Into The Mist) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2015-03-31]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]
CHR Extension: (Hover Zoom) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-03-27]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-09-21]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () [File not signed]
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 rewudily; C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\nso55A1.tmp [237568 2015-04-22] () [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WindowsVNT_R5; C:\Program Files\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
R2 xuhejygu; C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\jnsuD229.tmp [131584 2015-03-23] () [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11520 2010-03-30] ()
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
S3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 swg3kser00; C:\windows\System32\DRIVERS\swg3kser00.sys [215552 2011-05-13] (Sierra Wireless Incorporated)
S3 swiwdmbus; C:\windows\System32\DRIVERS\swiwdmbus.sys [78720 2010-08-09] (Sierra Wireless Inc.) [File not signed]
S3 swiwdmbx; C:\windows\System32\DRIVERS\swiwdmbx.sys [83968 2011-05-16] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\windows\System32\DRIVERS\swnc8ua3.sys [237568 2011-05-28] (Sierra Wireless Inc.)
S3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X]
R1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 gfilterdrv; system32\drivers\gfilterdrv.sys [X]
S3 lgccm; system32\DRIVERS\lgccmx32.sys [X]
S3 lgwnusbbus; system32\DRIVERS\lgwnusbbus.sys [X]
S3 lgwnusbmodem; system32\DRIVERS\lgwnusbmodem.sys [X]
S3 lgwnusbndis; system32\DRIVERS\lgwnusbndis62.sys [X]
S3 lgwnusbser01; system32\DRIVERS\lgwnusbser01.sys [X]
S3 lgwnusbser02; system32\DRIVERS\lgwnusbser02.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
S3 PSMNMDMVSP; system32\DRIVERS\PSMNMDMVSP.sys [X]
S3 PSMNMSMVSP; system32\DRIVERS\PSMNMSMVSP.sys [X]
S3 PSMNNET61; system32\DRIVERS\PSMNNET61.sys [X]
S3 PSMNRMNET; system32\DRIVERS\PSMNRMNET.sys [X]
S2 SCWFPFilter; system32\DRIVERS\WFPFilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-22 09:45 - 2015-04-22 09:46 - 00023284 _____ () C:\Users\Alex\Desktop\FRST.txt
2015-04-22 09:45 - 2015-04-22 09:45 - 00000000 ____D () C:\FRST
2015-04-22 09:44 - 2015-04-22 09:44 - 01139200 _____ (Farbar) C:\Users\Alex\Desktop\FRST.exe
2015-04-18 11:57 - 2015-04-18 12:02 - 00000000 ____D () C:\Program Files\globalUpdate
2015-04-18 11:57 - 2015-04-18 11:57 - 00000000 ____D () C:\Users\Alex\AppData\Local\globalUpdate
2015-04-18 11:57 - 2015-04-18 11:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Crossbrowse
2015-04-18 11:56 - 2015-04-18 11:58 - 00000000 ____D () C:\Users\Alex\AppData\Local\SmartWeb
2015-04-18 11:17 - 2015-04-18 11:17 - 00000000 ____D () C:\ProgramData\bdc331d9000009bb
2015-04-18 11:10 - 2015-04-18 11:15 - 00000000 ____D () C:\Users\Alex\AppData\Local\ZombieNews
2015-04-18 10:40 - 2015-04-18 10:40 - 00000000 ____D () C:\ProgramData\{3286d1b1-8088-a88c-3286-6d1b180846c6}
2015-04-18 10:37 - 2015-04-18 11:23 - 00000000 ____D () C:\ProgramData\iwGkwRGg
2015-04-18 10:31 - 2015-04-18 11:11 - 00000000 ____D () C:\Program Files\SearchProtect
2015-04-17 19:16 - 2015-04-17 19:16 - 00002818 _____ () C:\Users\Alex\.recently-used.xbel
2015-04-15 14:34 - 2015-04-15 14:34 - 00049857 _____ () C:\Users\Alex\Documents\2014 PA-40 Tax Return.html
2015-04-15 14:34 - 2015-04-15 14:34 - 00000000 ____D () C:\Users\Alex\Documents\2014 PA-40 Tax Return_files
2015-04-13 13:13 - 2015-04-16 09:13 - 00008704 _____ () C:\windows\system32\CCLOff.ini
2015-04-13 13:13 - 2015-04-13 13:14 - 00000000 ____D () C:\Users\Alex\Documents\MaxComputerCleaner
2015-04-13 13:13 - 2015-04-13 13:13 - 00000000 ____D () C:\Users\Alex\AppData\Local\Max_Computer_Cleaner
2015-04-13 13:13 - 2015-04-07 11:43 - 00341696 _____ (CC Corporation) C:\windows\system32\CCL.dll
2015-04-11 11:06 - 2015-04-11 15:09 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\CDisplayEx
2015-04-11 11:06 - 2015-04-11 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2015-04-11 11:06 - 2015-04-11 11:06 - 00000000 ____D () C:\Program Files\CDisplayEx
2015-04-10 21:05 - 2015-04-10 21:05 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\qBittorrent
2015-04-10 21:05 - 2015-04-10 21:05 - 00000000 ____D () C:\Users\Alex\AppData\Local\qBittorrent
2015-04-05 13:22 - 2015-04-05 13:22 - 00000000 ____D () C:\ProgramData\ded7dae000006293
2015-04-05 13:21 - 2015-04-14 08:38 - 00000000 ____D () C:\ProgramData\{c174582d-c98f-cd74-c174-4582dc9860b7}
2015-04-05 12:38 - 2015-04-05 12:38 - 00000000 ____D () C:\ProgramData\9f1f71e00000134d
2015-04-05 12:36 - 2015-04-05 12:36 - 00000000 ____D () C:\Program Files\predm
2015-04-04 13:25 - 2015-04-04 13:25 - 00000000 ____D () C:\Users\Alex\Documents\Optimizer Pro
2015-04-04 13:20 - 2015-04-05 12:40 - 00000000 ____D () C:\ProgramData\{f8c8db68-e377-394a-f8c8-8db68e376da3}
2015-04-04 13:19 - 2015-04-04 13:19 - 00000000 ____D () C:\ProgramData\{80cfb9ca-c07c-bab3-80cf-fb9cac07e72b}
2015-04-04 13:17 - 2015-04-04 13:17 - 00613255 _____ (CMI Limited) C:\Users\Alex\AppData\Local\nsa624D.tmp
2015-04-04 13:07 - 2015-04-18 11:56 - 00000045 _____ () C:\user.js
2015-04-02 16:44 - 2015-04-02 16:44 - 00000000 ____D () C:\Program Files\ESET
2015-04-02 16:35 - 2015-04-02 16:35 - 00000207 _____ () C:\windows\tweaking.com-regbackup-SEASHELL-Windows-7-Starter-(32-bit).dat
2015-04-02 16:34 - 2015-04-02 16:34 - 00000000 ____D () C:\RegBackup
2015-04-01 17:57 - 2015-04-01 17:59 - 00000000 ____D () C:\Users\Alex\Documents\Fax
2015-03-30 11:50 - 2015-03-30 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-03-30 11:50 - 2015-03-30 11:50 - 00000000 ____D () C:\Program Files\qBittorrent
2015-03-29 15:43 - 2015-04-05 12:37 - 00000000 ____D () C:\ProgramData\NetEngine
2015-03-28 19:51 - 2015-01-08 19:44 - 00419936 _____ () C:\windows\system32\locale.nls
2015-03-28 19:16 - 2015-03-28 19:46 - 00400866 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2015-03-28 18:14 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2015-03-28 18:14 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2015-03-28 18:14 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2015-03-28 18:14 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2015-03-28 16:59 - 2015-03-28 16:59 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-28 16:59 - 2015-03-28 16:59 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 19720192 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 12827648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 04300288 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-28 16:58 - 2015-03-28 16:58 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-28 16:58 - 2015-03-28 16:58 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-28 16:58 - 2015-03-28 16:58 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2015-03-28 16:58 - 2015-03-28 16:58 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00342696 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-03-28 16:58 - 2015-03-28 16:58 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2015-03-28 16:58 - 2015-03-28 16:58 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2015-03-28 16:58 - 2015-03-28 16:58 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-28 16:58 - 2015-03-28 16:58 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-28 16:58 - 2015-03-28 16:58 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2015-03-28 16:58 - 2015-03-28 16:58 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-03-28 16:58 - 2015-03-28 16:58 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-03-28 16:58 - 2015-03-28 16:58 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2015-03-28 16:58 - 2015-03-28 16:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-03-28 16:58 - 2015-03-28 16:58 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-03-28 16:58 - 2015-03-28 16:58 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-28 16:57 - 2015-03-28 16:57 - 01289096 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-03-28 16:57 - 2015-03-28 16:57 - 00640512 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-03-28 16:57 - 2015-03-28 16:57 - 00619520 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-03-28 16:57 - 2015-03-28 16:57 - 00231424 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2015-03-28 16:56 - 2015-03-28 16:56 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2015-03-28 16:55 - 2015-03-28 16:55 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 02284544 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 01988096 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 01158144 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 01080832 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00906240 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00604160 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecsExt.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00161792 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00010752 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00009728 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00005632 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00005632 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-03-28 16:55 - 2015-03-28 16:55 - 00002560 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-03-28 16:51 - 2015-03-28 17:03 - 00011857 _____ () C:\windows\IE11_main.log
2015-03-28 16:36 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-03-28 16:36 - 2013-10-11 22:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-03-28 16:36 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-03-28 16:36 - 2013-10-03 21:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2015-03-28 16:36 - 2013-10-03 21:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2015-03-28 16:36 - 2013-08-27 20:57 - 00434688 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2015-03-28 16:36 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2015-03-28 16:36 - 2013-06-25 18:56 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2015-03-28 16:36 - 2013-05-12 23:08 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2015-03-28 16:36 - 2013-05-12 23:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2015-03-28 16:36 - 2013-05-09 23:20 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2015-03-28 16:36 - 2012-11-28 18:57 - 00047720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2015-03-28 16:36 - 2012-11-28 18:57 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll
2015-03-28 16:36 - 2012-11-28 18:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-03-28 16:35 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-03-28 16:35 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-03-28 16:35 - 2013-08-01 21:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-03-28 16:35 - 2013-08-01 21:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 20:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-03-28 16:35 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-28 16:35 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-28 16:33 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2015-03-28 16:33 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-03-28 16:33 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-03-28 16:33 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2015-03-28 16:33 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2015-03-28 16:33 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2015-03-28 16:33 - 2013-02-14 23:25 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-03-28 16:33 - 2012-04-26 00:45 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\rdpwsx.dll
2015-03-28 16:33 - 2012-04-26 00:41 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\rdrmemptylst.exe
2015-03-28 16:31 - 2015-03-06 01:15 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-28 16:31 - 2015-03-06 01:15 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-28 16:31 - 2015-03-06 01:10 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-28 16:31 - 2015-03-06 01:10 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-28 16:31 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-28 16:31 - 2015-03-06 01:09 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-28 16:31 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-28 16:31 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-28 16:31 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-28 16:31 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-03-28 16:29 - 2014-11-07 22:45 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-03-28 16:29 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-03-28 16:29 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-03-28 16:29 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-03-28 16:29 - 2012-10-03 12:42 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2015-03-28 16:29 - 2012-10-03 12:40 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2015-03-28 16:29 - 2012-10-03 11:21 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2015-03-28 16:29 - 2012-08-21 16:12 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2015-03-28 16:28 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-28 16:28 - 2014-10-13 21:50 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-03-28 16:28 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-03-28 16:28 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-03-28 16:28 - 2014-02-03 22:07 - 00234432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2015-03-28 16:28 - 2014-02-03 22:07 - 00149440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2015-03-28 16:28 - 2014-02-03 22:07 - 00027072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2015-03-28 16:28 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2015-03-28 16:28 - 2012-10-03 12:42 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2015-03-28 16:27 - 2015-02-25 23:11 - 02381312 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-28 16:27 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-28 16:27 - 2014-12-18 22:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-03-28 16:27 - 2014-12-11 13:47 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-03-28 16:27 - 2014-10-24 21:32 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2015-03-28 16:27 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2015-03-28 16:27 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-03-28 16:27 - 2014-08-21 02:26 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-03-28 16:27 - 2014-08-21 02:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-03-28 16:27 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2015-03-28 16:27 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2015-03-28 16:27 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2015-03-28 16:27 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2015-03-28 16:27 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2015-03-28 16:27 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-03-28 16:27 - 2014-04-04 22:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-03-28 16:27 - 2014-04-04 22:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-03-28 16:27 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2015-03-28 16:27 - 2014-01-23 22:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-03-28 16:27 - 2013-11-26 07:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2015-03-28 16:27 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-28 16:27 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-03-28 16:27 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-03-28 16:27 - 2012-07-04 17:16 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\netapi32.dll
2015-03-28 16:27 - 2012-07-04 17:14 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\browser.dll
2015-03-28 16:27 - 2012-07-04 17:14 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\browcli.dll
2015-03-28 16:27 - 2012-06-06 01:03 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\cdosys.dll
2015-03-28 16:26 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-28 16:26 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-28 16:26 - 2015-02-20 00:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-28 16:26 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-28 16:26 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-28 16:26 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-03-28 16:26 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-28 16:26 - 2015-02-02 23:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-28 16:26 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-28 16:26 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-28 16:26 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-28 16:26 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-28 16:26 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-28 16:26 - 2015-02-02 23:11 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-28 16:26 - 2015-02-02 23:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-28 16:26 - 2015-02-02 23:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-28 16:26 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-28 16:26 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-28 16:26 - 2015-02-02 23:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-28 16:26 - 2015-02-02 23:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-28 16:26 - 2015-02-02 23:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-28 16:26 - 2015-02-02 23:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-28 16:26 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-28 16:26 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-28 16:26 - 2015-02-02 23:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-28 16:26 - 2015-02-02 22:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-28 16:26 - 2015-01-30 19:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-28 16:26 - 2014-12-05 23:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-03-28 16:26 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-03-28 16:26 - 2014-10-31 18:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-28 16:26 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-03-28 16:26 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-28 16:26 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-28 16:26 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-03-28 16:26 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2015-03-28 16:26 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2015-03-28 16:26 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2015-03-28 16:26 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2015-03-28 16:26 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-03-28 16:26 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2015-03-28 16:26 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2015-03-28 16:26 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2015-03-28 16:26 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2015-03-28 16:26 - 2013-11-26 21:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2015-03-28 16:26 - 2013-11-26 21:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2015-03-28 16:26 - 2013-11-26 21:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2015-03-28 16:26 - 2013-11-26 21:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2015-03-28 16:26 - 2013-11-26 21:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2015-03-28 16:26 - 2013-11-26 21:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2015-03-28 16:26 - 2013-08-04 21:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2015-03-28 16:26 - 2013-07-12 06:08 - 00146816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2015-03-28 16:26 - 2013-07-12 06:07 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2015-03-28 16:26 - 2012-10-03 12:42 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-03-28 16:26 - 2012-10-03 12:42 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-03-28 16:26 - 2012-09-25 18:47 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\synceng.dll
2015-03-28 16:25 - 2014-10-13 21:50 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2015-03-28 16:02 - 2014-12-18 21:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-03-28 16:02 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-03-28 16:02 - 2012-12-07 08:26 - 00308736 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2015-03-28 16:02 - 2012-12-07 08:20 - 02576384 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2015-03-28 16:02 - 2012-12-07 06:46 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2015-03-28 16:02 - 2012-12-07 06:46 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2015-03-28 16:01 - 2014-10-02 21:45 - 01177088 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-03-28 16:01 - 2014-10-02 21:45 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-03-28 16:01 - 2014-10-02 21:45 - 00214016 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-03-28 16:01 - 2014-10-02 21:45 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-03-28 16:01 - 2014-10-02 21:44 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-03-28 16:01 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2015-03-28 16:01 - 2012-10-09 13:40 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2015-03-28 16:01 - 2012-10-09 13:40 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2015-03-28 13:34 - 2015-03-28 13:34 - 00000000 ____D () C:\windows\system32\Flash
2015-03-27 19:49 - 2015-04-05 12:41 - 00000000 ____D () C:\ProgramData\7ab3a0c00002a75
2015-03-27 19:14 - 2015-03-27 19:14 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\20425664-1427498044-5557-1232-F46D04B7EE3C
2015-03-27 12:03 - 2015-04-04 12:22 - 00000000 ____D () C:\AdwCleaner
2015-03-27 11:56 - 2015-03-27 11:56 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-27 10:52 - 2015-03-27 10:52 - 00000004 _____ () C:\windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-03-27 09:52 - 2015-04-22 09:33 - 00001334 _____ () C:\windows\Tasks\SNRQKC.job
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\Alex\AppData\Roaming\SNRQKC
2015-03-23 18:54 - 2015-03-30 11:47 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-03-23 18:54 - 2015-03-24 20:20 - 00000000 ____D () C:\Program Files\Windows Network Accelerater
2015-03-23 12:39 - 2015-03-23 12:39 - 00000000 ____D () C:\Users\Alex\Documents\DreamVideoSoft
2015-03-23 12:38 - 2015-03-23 18:54 - 00000000 ____D () C:\ProgramData\Optimizer
2015-03-23 01:18 - 2015-04-02 21:16 - 00000000 ____D () C:\Users\Alex\AppData\Local\20425664-1427073534-5557-1232-F46D04B7EE3C
2015-03-23 01:14 - 2015-04-22 09:33 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-22 09:34 - 2014-07-10 19:27 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 09:32 - 2011-09-14 12:54 - 01582194 _____ () C:\windows\WindowsUpdate.log
2015-04-20 11:50 - 2014-07-10 19:27 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 15:48 - 2011-10-10 20:05 - 00000000 ____D () C:\Users\Alex\Desktop\Do bleep
2015-04-19 15:48 - 2011-09-13 21:02 - 00000000 ____D () C:\Users\Alex
2015-04-18 11:46 - 2009-07-27 06:11 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-18 11:31 - 2009-07-14 00:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-18 11:31 - 2009-07-14 00:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-18 11:26 - 2014-07-02 00:05 - 00000000 ___RD () C:\Users\Alex\Dropbox
2015-04-18 11:26 - 2011-10-24 03:05 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox
2015-04-18 11:24 - 2009-07-14 00:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-18 11:23 - 2011-09-21 19:10 - 00483426 _____ () C:\windows\PFRO.log
2015-04-18 11:23 - 2009-07-14 00:39 - 00123168 _____ () C:\windows\setupact.log
2015-04-18 10:35 - 2014-07-10 18:35 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-17 19:16 - 2013-02-25 05:22 - 00000000 ____D () C:\Users\Alex\.gimp-2.6
2015-04-17 19:16 - 2011-12-12 06:25 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\gtk-2.0
2015-04-17 19:13 - 2013-02-25 05:27 - 00000000 ____D () C:\Users\Alex\.thumbnails
2015-04-17 09:58 - 2011-02-15 18:35 - 00000000 ____D () C:\windows\PCHEALTH
2015-04-14 08:42 - 2014-07-02 00:04 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-13 23:27 - 2014-04-04 19:14 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Jarte
2015-04-12 13:41 - 2009-07-14 00:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-04-02 21:16 - 2015-01-25 17:11 - 00000000 ____D () C:\ProgramData\07ef66f0e2664a29a2d1d971bbd8e35b
2015-03-31 22:44 - 2011-09-13 21:02 - 00076976 _____ () C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-30 15:52 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\rescache
2015-03-30 13:55 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-03-30 11:34 - 2009-07-14 00:33 - 00315856 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-30 11:21 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\zh-TW
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\zh-HK
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\zh-CN
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\tr-TR
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\sv-SE
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\ru-RU
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\pt-PT
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\pt-BR
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\pl-PL
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\nl-NL
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\nb-NO
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\ko-KR
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\ja-JP
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\it-IT
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\hu-HU
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\fr-FR
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\fi-FI
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\el-GR
2015-03-30 11:21 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-03-28 09:55 - 2011-09-21 20:35 - 00000000 ____D () C:\Users\Alex\AppData\Local\uTorrent
2015-03-27 09:52 - 2014-07-10 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-25 21:40 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\Cursors
 
==================== Files in the root of some directories =======
 
2014-07-01 08:46 - 2014-07-01 08:47 - 0001130 _____ () C:\Users\Alex\AppData\Roaming\ACInitialize.log
2013-07-23 13:00 - 2013-07-23 13:00 - 0000838 _____ () C:\Users\Alex\AppData\Roaming\Roaming - Shortcut.lnk
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Alex\AppData\Roaming\SNRQKC
2011-11-16 00:28 - 2012-02-07 03:21 - 0004608 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-04 13:17 - 2015-04-04 13:17 - 0613255 _____ (CMI Limited) C:\Users\Alex\AppData\Local\nsa624D.tmp
2011-02-15 18:30 - 2010-03-02 19:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
 
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\559.exe
C:\Users\Alex\AppData\Local\Temp\6162.exe
C:\Users\Alex\AppData\Local\Temp\9814.exe
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprhylfc.dll
C:\Users\Alex\AppData\Local\Temp\optprosetup.exe
C:\Users\Alex\AppData\Local\Temp\SpOrder.dll
C:\Users\Alex\AppData\Local\Temp\supoptsetup.exe
C:\Users\Alex\AppData\Local\Temp\Uninstall.exe
C:\Users\Alex\AppData\Local\Temp\UninstallModule.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 09:57
 
==================== End Of Log ============================
 
 
 
And here is the Additional Log:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2015
Ran by Alex at 2015-04-22 09:47:34
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Titanium (Disabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Trend Micro Titanium (Disabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 1.1.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScreensaver (HKLM\...\{99E77016-BCF2-48C8-9119-43ECF5815F65}) (Version: 1.04 - AsusTek Computer Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.04.01 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AxCrypt 1.7.2687.0 (HKLM\...\{9ED9D728-9D4A-46D8-AF73-264CB0090AEA}) (Version: 1.7.2687.0 - Axantum Software AB)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
calibre (HKLM\...\{8FAFEF8C-295D-4D71-95FC-91D9B7D75F3E}) (Version: 2.13.0 - Kovid Goyal)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Complément Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave)
Eee Docking 3.8.1 (HKLM\...\Eee Docking_is1) (Version: 3.8.1 - ASUSTek Computer Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x86 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
ExpressGateCloud (HKLM\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.7.25.173 - VideACE Co.)
ExpressGateCloud (Version: 2.7.25.173 - VideACE Co.) Hidden
FileZilla Client 3.10.1.1 (HKLM\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.32 - AsusTek Computer Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2364 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch)
Jarte 5.2 (HKLM\...\Jarte_is1) (Version: 5.2 - Carolina Road Software L.L.C.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 3.4 (HKLM\...\{D64833F8-860D-4216-8EDC-DD08AD68C0B5}) (Version: 3.4.402 - LibreOffice)
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.25 - AsusTek Computer Inc.)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft Editor 32 bits (HKLM\...\{4C2F0321-E959-47FB-9FF9-E2139B02B68A}) (Version: 1.9.8 - Axialmedia)
Minecraft1.4.7 (HKLM\...\Minecraft1.4.7) (Version:  - )
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.6 - Notepad++ Team)
OpenSSL 0.9.8l Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
Opera 11.61 (HKLM\...\Opera 11.61.1250) (Version: 11.61.1250 - Opera Software ASA)
Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
qBittorrent 3.1.12 (HKLM\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6186 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8312 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Songbird 1.10.2 (Build 2199) (HKLM\...\Songbird-release-2199) (Version:  - )
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.16 - AsusTek Computer)
syncables desktop SE (HKLM\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Trend Micro Titanium (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 2.20 - Trend Micro Inc.)
Trend Micro Titanium (Version: 1.0 - Trend Micro Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3254657708-2287284384-4047303455-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
19-04-2015 19:00:31 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2DAF4BF1-8655-4F36-8541-41327A4F2D5B} - System32\Tasks\MWYJXWQSR => C:\ProgramData\07ef66f0e2664a29a2d1d971bbd8e35b\07ef66f0e2664a29a2d1d971bbd8e35b.exe
Task: {2FBA02C4-B46A-4298-B731-A8DA3A1FAD3D} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Alex\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {32D6E906-7539-49A1-9B99-3E20259526CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-10] (Google Inc.)
Task: {423DB811-D794-4E80-A4A9-2A3271AED716} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files\Max Computer Cleaner\MaxComputerCleaner.exe
Task: {5FF9839C-6062-4194-A6BF-D85AE6CE12D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-10] (Google Inc.)
Task: {708B35B8-EEB2-4820-A935-4EA5FED1E939} - System32\Tasks\SNRQKC => C:\Users\Alex\AppData\Roaming\SNRQKC.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SNRQKC.job => C:\Users\Alex\AppData\Roaming\SNRQKC.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2011-02-15 18:45 - 2009-07-08 09:02 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-02-15 18:45 - 2009-07-08 09:05 - 00057344 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2011-02-15 18:32 - 2009-08-18 21:35 - 00219136 _____ () C:\Windows\System32\AsusService.exe
2011-02-15 18:45 - 2009-08-29 09:37 - 00401408 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2011-02-15 18:46 - 2010-03-19 06:30 - 00173344 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2011-01-12 16:22 - 2011-01-12 16:22 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-12-24 18:51 - 2010-12-24 18:51 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-01-03 17:08 - 2011-01-03 17:08 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2015-03-23 01:14 - 2015-03-23 01:15 - 00131584 _____ () C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\jnsuD229.tmp
2010-09-02 07:08 - 2010-09-02 07:08 - 00118784 _____ () C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll
2015-02-01 07:17 - 2015-02-01 07:17 - 00039200 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2014-05-26 16:57 - 2010-09-28 15:56 - 06551672 _____ () C:\Program Files\Ipswitch\WS_FTP 12\res0409.dll
2011-02-15 18:43 - 2010-06-10 17:12 - 00414384 _____ () C:\Program Files\Asus\Eee Docking\Eee Docking.exe
2010-11-22 15:12 - 2010-11-22 15:12 - 00181664 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2011-02-15 18:45 - 2009-07-08 09:02 - 00049152 _____ () C:\PROGRAM FILES\TREND MICRO\AMSP\boost_thread-vc80-mt-1_36.dll
2011-02-15 18:45 - 2009-07-08 09:05 - 00057344 _____ () C:\PROGRAM FILES\TREND MICRO\AMSP\boost_date_time-vc80-mt-1_36.dll
2011-01-13 16:09 - 2011-01-13 16:09 - 00191304 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2011-07-28 19:08 - 2011-07-28 19:08 - 01259376 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2011-07-28 19:09 - 2011-07-28 19:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2015-04-18 11:26 - 2015-04-18 11:26 - 00043008 _____ () c:\users\alex\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprhylfc.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Alex\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Alex\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Alex\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Alex\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-05-26 16:57 - 2010-09-28 15:53 - 00948496 _____ () C:\Program Files\Ipswitch\WS_FTP 12\LIBEAY32.dll
2014-05-26 16:57 - 2010-09-28 15:53 - 00153360 _____ () C:\Program Files\Ipswitch\WS_FTP 12\SSLEAY32.dll
2015-04-22 09:33 - 2015-04-22 09:33 - 00237568 _____ () C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\nso55A1.tmp
2015-04-16 00:56 - 2015-04-13 17:55 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3254657708-2287284384-4047303455-500 - Administrator - Disabled)
Alex (S-1-5-21-3254657708-2287284384-4047303455-1000 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-3254657708-2287284384-4047303455-501 - Limited - Enabled) => C:\Users\Guest
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SCWFPFilter
Description: SCWFPFilter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SCWFPFilter
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: gfilterdrv
Description: gfilterdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: gfilterdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/21/2015 05:54:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/21/2015 05:54:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/21/2015 05:54:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/21/2015 05:54:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/21/2015 05:54:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/19/2015 09:03:13 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (04/18/2015 11:57:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The csrcc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/18/2015 11:57:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The 70F4EEDB-1367-4b4f-8247-3133551A7415 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/18/2015 11:24:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
gfilterdrv
 
Error: (04/18/2015 11:24:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SCWFPFilter service failed to start due to the following error: 
%%2
 
Error: (04/17/2015 09:58:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
gfilterdrv
 
Error: (04/17/2015 09:58:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SCWFPFilter service failed to start due to the following error: 
%%2
 
Error: (04/17/2015 09:57:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (04/17/2015 09:09:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cherimoya
gfilterdrv
 
Error: (04/17/2015 09:09:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SCWFPFilter service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (04/21/2015 05:54:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\WSCTool.exe
 
Error: (04/21/2015 05:54:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\WSCHandler.exe
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\VizorShortCut.exe
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\VizorHtmlDialog.exe
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\SupportTool.exe
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\ShorcutLauncher.exe
 
Error: (04/21/2015 05:54:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\Remove.exe
 
Error: (04/21/2015 05:54:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiWinMgr.exe
 
Error: (04/21/2015 05:54:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiWatchDog.exe
 
Error: (04/21/2015 05:54:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiSeAgnt.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU N570 @ 1.66GHz
Percentage of memory in use: 64%
Total physical RAM: 2038.12 MB
Available physical RAM: 731.79 MB
Total Pagefile: 4076.23 MB
Available Pagefile: 2300.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:28.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:25.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 56F1D36F)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=117.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
 
==================== End Of Log ============================

 




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,698 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:09 AM

Posted 22 April 2015 - 10:11 AM

Please download the attached fixlist.txt file and save it in the same directory as FRST is saved.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Please download ComboFix from Here to your Desktop.
 
**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

-----------------------------------------------------------

  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • Install the Recovery Console if prompted.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt".
    • **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note_2: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Kitty-Nin

Kitty-Nin
  • Topic Starter

  • Members
  • 34 posts
  • Local time:12:09 AM

Posted 22 April 2015 - 02:48 PM

FRST Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by Alex at 2015-04-22 14:18:28 Run:1
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available profiles: Alex & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
R2 xuhejygu; C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\jnsuD229.tmp [131584 2015-03-23] () [File not signed]
R2 rewudily; C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\nso55A1.tmp [237568 2015-04-22] () [File not signed]
C:\Users\Alex\AppData\Local\Temp\559.exe
C:\Users\Alex\AppData\Local\Temp\6162.exe
C:\Users\Alex\AppData\Local\Temp\9814.exe
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprhylfc.dll
C:\Users\Alex\AppData\Local\Temp\optprosetup.exe
C:\Users\Alex\AppData\Local\Temp\SpOrder.dll
C:\Users\Alex\AppData\Local\Temp\supoptsetup.exe
C:\Users\Alex\AppData\Local\Temp\Uninstall.exe
C:\Users\Alex\AppData\Local\Temp\UninstallModule.exe
C:\Users\Alex\AppData\Roaming\ACInitialize.log
C:\Users\Alex\AppData\Roaming\Roaming - Shortcut.lnk
C:\Users\Alex\AppData\Roaming\SNRQKC
C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Alex\AppData\Local\nsa624D.tmp
C:\ProgramData\FullRemove.exe
C:\Windows\System32\AsusService.exe
C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\jnsuD229.tmp
C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\nsnF03E.tmp
EmptyTemp:
End
*****************
 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3254657708-2287284384-4047303455-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}" => Key deleted successfully.
"HKCR\CLSID\{5081D2D4-1637-404c-B74F-50526718257D}" => Key deleted successfully.
xuhejygu => Service stopped successfully.
xuhejygu => Service deleted successfully.
rewudily => Service not found.
C:\Users\Alex\AppData\Local\Temp\559.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\6162.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\9814.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprhylfc.dll => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\supoptsetup.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\Uninstall.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\UninstallModule.exe => Moved successfully.
C:\Users\Alex\AppData\Roaming\ACInitialize.log => Moved successfully.
C:\Users\Alex\AppData\Roaming\Roaming - Shortcut.lnk => Moved successfully.
C:\Users\Alex\AppData\Roaming\SNRQKC => Moved successfully.
C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Alex\AppData\Local\nsa624D.tmp => Moved successfully.
C:\ProgramData\FullRemove.exe => Moved successfully.
C:\Windows\System32\AsusService.exe => Moved successfully.
C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\jnsuD229.tmp => Moved successfully.
"C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\nsnF03E.tmp" => File/Directory not found.
EmptyTemp: => Removed 1.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:19:07 ====
 
 
ComboFix Log:
 
ComboFix 15-04-19.01 - Alex 04/22/2015  14:31:19.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2038.727 [GMT -4:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Titanium *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB2758694-enu.LOG
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_hyzucyro
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-22 to 2015-04-22  )))))))))))))))))))))))))))))))
.
.
2015-04-22 13:45 . 2015-04-22 18:20 -------- d-----w- C:\FRST
2015-04-18 15:57 . 2015-04-18 16:02 -------- d-----w- c:\program files\globalUpdate
2015-04-18 15:57 . 2015-04-18 15:57 -------- d-----w- c:\users\Alex\AppData\Local\globalUpdate
2015-04-18 15:57 . 2015-04-18 15:57 -------- d-----w- c:\users\Administrator\AppData\Local\Crossbrowse
2015-04-18 15:56 . 2015-04-18 15:58 -------- d-----w- c:\users\Alex\AppData\Local\SmartWeb
2015-04-18 15:17 . 2015-04-18 15:17 -------- d-----w- c:\programdata\bdc331d9000009bb
2015-04-18 15:10 . 2015-04-18 15:15 -------- d-----w- c:\users\Alex\AppData\Local\ZombieNews
2015-04-18 14:40 . 2015-04-18 14:40 -------- d-----w- c:\programdata\{3286d1b1-8088-a88c-3286-6d1b180846c6}
2015-04-18 14:37 . 2015-04-18 15:23 -------- d-----w- c:\programdata\iwGkwRGg
2015-04-18 14:31 . 2015-04-18 15:11 -------- d-----w- c:\program files\SearchProtect
2015-04-13 17:13 . 2015-04-07 15:43 341696 ----a-w- c:\windows\system32\CCL.dll
2015-04-13 17:13 . 2015-04-13 17:13 -------- d-----w- c:\users\Alex\AppData\Local\Max_Computer_Cleaner
2015-04-11 15:06 . 2015-04-11 19:09 -------- d-----w- c:\users\Alex\AppData\Roaming\CDisplayEx
2015-04-11 15:06 . 2015-04-11 15:06 -------- d-----w- c:\program files\CDisplayEx
2015-04-11 01:05 . 2015-04-11 01:05 -------- d-----w- c:\users\Alex\AppData\Local\qBittorrent
2015-04-11 01:05 . 2015-04-11 01:05 -------- d-----w- c:\users\Alex\AppData\Roaming\qBittorrent
2015-04-05 17:22 . 2015-04-05 17:22 -------- d-----w- c:\programdata\ded7dae000006293
2015-04-05 17:21 . 2015-04-14 12:38 -------- d-----w- c:\programdata\{c174582d-c98f-cd74-c174-4582dc9860b7}
2015-04-05 16:38 . 2015-04-05 16:38 -------- d-----w- c:\programdata\9f1f71e00000134d
2015-04-05 16:36 . 2015-04-05 16:36 -------- d-----w- c:\program files\predm
2015-04-04 17:20 . 2015-04-05 16:40 -------- d-----w- c:\programdata\{f8c8db68-e377-394a-f8c8-8db68e376da3}
2015-04-04 17:19 . 2015-04-04 17:19 -------- d-----w- c:\programdata\{80cfb9ca-c07c-bab3-80cf-fb9cac07e72b}
2015-04-04 17:07 . 2015-04-18 15:56 45 ----a-w- C:\user.js
2015-04-02 20:44 . 2015-04-02 20:44 -------- d-----w- c:\program files\ESET
2015-04-02 20:34 . 2015-04-02 20:34 -------- d-----w- C:\RegBackup
2015-03-30 15:50 . 2015-03-30 15:50 -------- d-----w- c:\program files\qBittorrent
2015-03-29 19:43 . 2015-04-05 16:37 -------- d-----w- c:\programdata\NetEngine
2015-03-28 23:14 . 2015-03-23 06:32 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE75880C-5E37-45D5-A975-58A55036ABF1}\mpengine.dll
2015-03-28 22:14 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2015-03-28 22:14 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2015-03-28 22:14 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2015-03-28 22:14 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-03-28 21:31 . 2015-03-28 21:31 -------- d-----w- c:\windows\Migration
2015-03-28 20:59 . 2015-03-28 20:59 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-28 20:59 . 2015-03-28 20:59 194048 ----a-w- c:\windows\system32\elshyph.dll
2015-03-28 20:57 . 2015-03-28 20:57 640512 ----a-w- c:\windows\system32\advapi32.dll
2015-03-28 20:57 . 2015-03-28 20:57 619520 ----a-w- c:\windows\system32\tdh.dll
2015-03-28 20:57 . 2015-03-28 20:57 1289096 ----a-w- c:\windows\system32\ntdll.dll
2015-03-28 20:57 . 2015-03-28 20:57 231424 ----a-w- c:\windows\system32\mswsock.dll
2015-03-28 20:56 . 2015-03-28 20:56 49152 ----a-w- c:\windows\system32\taskhost.exe
2015-03-28 20:36 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2015-03-28 20:36 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2015-03-28 20:36 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-03-28 20:36 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-03-28 20:36 . 2013-10-12 02:01 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2015-03-28 20:36 . 2013-10-12 02:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
2015-03-28 20:36 . 2013-10-12 02:01 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2015-03-28 20:36 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2015-03-28 20:36 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2015-03-28 20:36 . 2012-11-28 22:57 9728 ----a-w- c:\windows\system32\Wdfres.dll
2015-03-28 20:36 . 2012-11-28 22:57 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2015-03-28 20:36 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2015-03-28 20:33 . 2014-07-17 01:39 304128 ----a-w- c:\windows\system32\winlogon.exe
2015-03-28 20:33 . 2014-07-17 01:39 1051136 ----a-w- c:\windows\system32\mstsc.exe
2015-03-28 20:33 . 2014-07-17 01:40 157696 ----a-w- c:\windows\system32\winsta.dll
2015-03-28 20:33 . 2014-07-17 01:39 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
2015-03-28 20:33 . 2014-07-17 01:03 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2015-03-28 20:33 . 2014-07-17 01:02 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2015-03-28 20:33 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2015-03-28 20:33 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2015-03-28 20:33 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2015-03-28 20:29 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll
2015-03-28 20:29 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2015-03-28 20:29 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2015-03-28 20:29 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-03-28 20:29 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2015-03-28 20:29 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2015-03-28 20:29 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2015-03-28 20:29 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2015-03-28 20:28 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2015-03-28 20:28 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2015-03-28 20:28 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2015-03-28 20:28 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2015-03-28 20:28 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2015-03-28 20:28 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2015-03-28 20:28 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\system32\mstscax.dll
2015-03-28 20:28 . 2014-10-04 01:42 131584 ----a-w- c:\windows\system32\aaclient.dll
2015-03-28 20:26 . 2014-11-26 03:32 571904 ----a-w- c:\windows\system32\oleaut32.dll
2015-03-28 20:25 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2015-03-28 20:01 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-03-28 20:01 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2015-03-28 20:01 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2015-03-28 20:01 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2015-03-28 20:01 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2015-03-28 20:01 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2015-03-28 20:01 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2015-03-28 20:01 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2015-03-28 17:34 . 2015-03-28 17:34 -------- d-----w- c:\windows\system32\Flash
2015-03-27 23:49 . 2015-04-05 16:41 -------- d-----w- c:\programdata\7ab3a0c00002a75
2015-03-27 23:14 . 2015-03-27 23:14 -------- d-----w- c:\users\Alex\AppData\Roaming\20425664-1427498044-5557-1232-F46D04B7EE3C
2015-03-27 16:03 . 2015-04-04 16:22 -------- d-----w- C:\AdwCleaner
2015-03-27 15:56 . 2015-03-27 15:56 -------- d-----w- c:\program files\VS Revo Group
2015-03-23 22:54 . 2015-03-30 15:47 -------- d-----w- c:\programdata\Windows VXM
2015-03-23 22:54 . 2015-03-25 00:20 -------- d-----w- c:\program files\Windows Network Accelerater
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-18 14:35 . 2014-07-10 22:35 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-24 08:23 . 2013-07-21 01:49 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-22 03:07 . 2015-02-22 03:09 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_AD2529C7DB5B63D28C23362385276129"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-04-13 812872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HotkeyMon"="AsusSender.exe" [2010-11-22 34728]
"HotkeyService"="AsusSender.exe" [2010-11-22 34728]
"SuperHybridEngine"="AsusSender.exe" [2010-11-22 34728]
"LiveUpdate"="AsusSender.exe" [2010-11-22 34728]
"CapsHook"="AsusSender.exe" [2010-11-22 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\VizorHtmlDialog.exe" [2010-06-07 689488]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-03-19 116008]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-01-13 191304]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-02-15 2018032]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 150808]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-4-2 43382072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\Asus\AsusVibe\AsusVibeLauncher.exe /start [2014-6-25 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 cherimoya;cherimoya;c:\windows\system32\drivers\cherimoya.sys [x]
R1 gfilterdrv;gfilterdrv;c:\windows\system32\drivers\gfilterdrv.sys [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R2 SCWFPFilter;SCWFPFilter;c:\windows\system32\DRIVERS\WFPFilter.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-28 102912]
R3 lgccm;LGE Change Configuration Module Service;c:\windows\system32\DRIVERS\lgccmx32.sys [x]
R3 lgwnusbbus;LGE Wireless NDIS Composite USB Device;c:\windows\system32\DRIVERS\lgwnusbbus.sys [x]
R3 lgwnusbmodem;LGE Wireless NDIS USB Modem;c:\windows\system32\DRIVERS\lgwnusbmodem.sys [x]
R3 lgwnusbndis;LGE Wireless NDIS Ethernet Adapter Service;c:\windows\system32\DRIVERS\lgwnusbndis62.sys [x]
R3 lgwnusbser01;LGE Wireless NDIS USB Serial01 Device;c:\windows\system32\DRIVERS\lgwnusbser01.sys [x]
R3 lgwnusbser02;LGE Wireless NDIS USB Serial02 Device;c:\windows\system32\DRIVERS\lgwnusbser02.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 PSMNBUS;Pantech Android USB Composite Device Ver1 Driver;c:\windows\system32\DRIVERS\PSMNBUS.sys [x]
R3 PSMNMDM;Pantech Android USB Modem Ver1 Drivers;c:\windows\system32\DRIVERS\PSMNMDM.sys [x]
R3 PSMNMDMVSP;Pantech Android MDM Diagnostic Serial Port Ver1;c:\windows\system32\DRIVERS\PSMNMDMVSP.sys [x]
R3 PSMNMSMVSP;Pantech Android MSM Diagnostic Serial Port Ver1;c:\windows\system32\DRIVERS\PSMNMSMVSP.sys [x]
R3 PSMNNET61;Pantech Android MDM WWAN (NDIS6.1);c:\windows\system32\DRIVERS\PSMNNET61.sys [x]
R3 PSMNRMNET;Pantech Android MDM RMNET Device;c:\windows\system32\DRIVERS\PSMNRMNET.sys [x]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys [2011-05-13 215552]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbus.sys [2010-08-09 78720]
R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx.sys [2011-05-16 83968]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2011-05-28 237568]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464]
S2 WindowsVNT_R5;Windows Virtual Network (WVN5);c:\program files\Windows Network Accelerater\v5\winvxm.exe [2015-03-25 2976880]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-09-27 68208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-10 23:27]
.
2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-10 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{C9E18F1F-A761-454C-9F97-E38D2BBB6950}: NameServer = 172.26.38.1 172.26.38.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Alex\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
HKLM-Run-3D BubbleSound - c:\program files\BubbleSound\3D BubbleSound.exe
HKLM-Run-gmsd_us_458 - (no file)
AddRemove-Minecraft1.4.7 - c:\users\Alex\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3540)
c:\progra~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Trend Micro\AMSP\coreServiceShell.exe
c:\program files\Trend Micro\AMSP\AMSP_LogServer.exe
c:\windows\system32\conhost.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2015-04-22  15:31:03 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-22 19:31
.
Pre-Run: 31,153,041,408 bytes free
Post-Run: 30,783,234,048 bytes free
.
- - End Of File - - C960A97A9B3B046185E65D093A9DBB99
A36C5E4F47E84449FF07ED3517B43A31
 


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,698 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 April 2015 - 07:20 PM

Re-scan with Malwarebytes Anti-Malware and post its report.


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Kitty-Nin

Kitty-Nin
  • Topic Starter

  • Members
  • 34 posts

Posted 25 April 2015 - 11:01 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/25/2015
Scan Time: 11:12:17 AM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.04.25.02
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Alex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381169
Time Elapsed: 23 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 14
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.jshep, , [36904b256d1dc96d49d5d06fe22140c0], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.jshep.1, , [36904b256d1dc96d49d5d06fe22140c0], 
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\Crossbrowse, , [d8eea9c761298bab784710b662a1c53b], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [1ea8cba593f72214c09c982cf80be51b], 
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [ae18aec2dbaffc3a78a8cb8cd233fc04], 
Rootkit.cherimoya.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, , [992d83edb8d265d1da5ce6ed699aba46], 
PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, , [aa1c5f11b6d40f27e2b45c6e19ea52ae], 
PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, , [e9dd18582d5d3105b4e27c4e8281c937], 
PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, , [6c5af57bbdcd51e52c6a9d2d3dc609f7], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaPlus-3.4cV18.04-nv-ie, , [65613937d4b6171f3bbb36a418ebf60a], 
PUP.Optional.Crossbrowse.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Crossbrowse, , [cef8c5ab69216cca318d04c24ab9f60a], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [eed86a06741655e112165cea6a9b3dc3], 
PUP.Optional.GamesDesktop.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GAMESDESKTOP, , [b511125e3d4d0036281fe773af56ba46], 
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, , [2d999fd18802999d4247fdc95ba8669a], 
 
Registry Values: 6
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{5081D2D4-1637-404c-B74F-50526718257D}, , [36904b256d1dc96d49d5d06fe22140c0], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5081D2D4-1637-404C-B74F-50526718257D}, C:\Program Files\shopperz\Firefox, , [36904b256d1dc96d49d5d06fe22140c0]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{5081D2D4-1637-404C-B74F-50526718257D}, C:\Program Files\shopperz\Firefox, , [36904b256d1dc96d49d5d06fe22140c0]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{5081D2D4-1637-404c-B74F-50526718257D}, , [20a69cd4b9d1c86ea9750639a06312ee], 
PUP.Optional.GamesDesktop.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GAMESDESKTOP|mj, 15.04.05.0, , [b511125e3d4d0036281fe773af56ba46]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, , [2d999fd18802999d4247fdc95ba8669a]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.ZombieNews.A, C:\Users\Alex\AppData\Local\ZombieNews, , [6462264a4f3b8bab6bb15852996acc34], 
PUP.Optional.Crossbrowse.C, C:\Users\Administrator\AppData\Local\Crossbrowse, , [8442d69ad6b4e056a57d6c5603005da3], 
PUP.Optional.Crossbrowse.C, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse, , [8442d69ad6b4e056a57d6c5603005da3], 
PUP.Optional.Crossbrowse.C, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse\User Data, , [8442d69ad6b4e056a57d6c5603005da3], 
PUP.Optional.Crossbrowse.C, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, , [8442d69ad6b4e056a57d6c5603005da3], 
 
Files: 6
PUP.Optional.OptimizerPro, C:\ProgramData\{3286d1b1-8088-a88c-3286-6d1b180846c6}\hqghumeaylnlf.exe, , [c7ff92deb7d36acc8877f05004fed32d], 
PUP.Optional.ZombieInvasion.A, C:\ProgramData\iwGkwRGg\dat\CTmZqd.dll, , [9d29462a95f549ed7bde18dc9b6a6c94], 
PUP.Optional.ZombieNews.A, C:\ProgramData\iwGkwRGg\dat\oOaAHH.exe, , [cdf9313f9eec6bcbcd876d5cd32eab55], 
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\__u.exe, , [23a3f67a731753e351b3ce3307fbf010], 
PUP.Optional.SmartWeb.A, C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task, , [e5e1b4bc97f364d24530cb0fcf347f81], 
PUP.Optional.ZombieNews.A, C:\Users\Alex\AppData\Local\ZombieNews\data2.dat, , [6462264a4f3b8bab6bb15852996acc34], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,698 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 25 April 2015 - 07:37 PM

You are not quarantining them. They seem to be Potentially Unwanted Programs. Have MBAM quarantine them.






