redirect popups and greatest hits arcade popups [Closed]


  • This topic is locked

#1
steph13


    New Member

  • Member
  • Pip
  • 6 posts

I use Google Chrome on a Windows 7 computer and constantly get redirect pop-up windows and videos with greatest arcade hits typed under. I have run malware and antivirus with no luck. Please help. Not sure what other info you need.




#2
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step-by-step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your machine and see what's going on.


Step 1: Scan with Farbar's Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR

  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:

FRST Log

Additions.txt Log

aswMBR Log


#3
steph13


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
So I did step number one and everything was fine. I started scan number 2 and at some point the screen went blue and said something about a crash dump before the computer turned off and said Windows is shutting down to prevent something. When restarted it said Windows had recovered. What do I do? Should I run them again?

#4
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts

So I did step number one and everything was fine. I started scan number 2 and at some point the screen went blue and said something about a crash dump before the computer turned off and said Windows is shutting down to prevent something. When restarted it said Windows had recovered. What do I do? Should I run them again?


Hold up on the 2nd step. Please post the logs from the Farbar Scan (FRST Log and Additions.txt log) and we'll go from there. :thumbsup:

#5
steph13


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
This is the only log I could find. I'm not sure if this is both of them.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by steph (administrator) on STEPH-PC on 28-04-2014 15:15:44
Running from C:\Users\steph\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\steph\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\Asus\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe [214016 2013-11-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-01] (Microsoft Corporation)
HKU\S-1-5-21-4010653172-623774165-1176597284-1001\...\Run: [uTorrent] => C:\Users\steph\AppData\Roaming\uTorrent\uTorrent.exe [1266520 2014-04-25] (BitTorrent Inc.)
HKU\S-1-5-21-4010653172-623774165-1176597284-1001\...\Run: [Google Update] => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-20] (Google Inc.)
HKU\S-1-5-21-4010653172-623774165-1176597284-1001\...\Run: [GoogleChromeAutoLaunch_F93EFB3DD44213C0D4E7C2DEA6F95C5C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-01] (Google Inc.)
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
AppInit_DLLs-x32: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => "C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...5A34AB1DC&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Social Privacy - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp.dll ()
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\steph\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3BD90CE2-2058-41CD-8FD8-3637A49D5CA7}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{74F9D3B9-726F-4F04-B58C-7ABA91CBE8D0}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{79056CFD-8C06-4990-8D76-397229840373}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{84B157F0-3AD5-4883-8A82-AFE96AFEF7FD}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\steph\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\steph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\steph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\steph\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\steph\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\steph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\steph\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\steph\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\
FF Extension: GreatArcadeHits Add-on - C:\Users\steph\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Social Privacy\FF\
FF Extension: Social Privacy - C:\Program Files (x86)\Social Privacy\FF\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.yahoo.com/
CHR StartupUrls: "hxxp://www.goodsearch.com/", "hxxp://www.yahoo.com/"
CHR DefaultSearchKeyword: www.goodsearch.com
CHR DefaultSearchProvider: Search with GoodSearch
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-20]
CHR Extension: (Google Drive) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-20]
CHR Extension: (YouTube) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-20]
CHR Extension: (Google Search) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-20]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2014-01-01]
CHR Extension: (InvisibleHand) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-01-01]
CHR Extension: (Google Wallet) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (GreatArcadeHits) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2014-01-20]
CHR Extension: (Gmail) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files (x86)\pandasecuritytb\chrome-newtab-search.crx [2013-11-20]
 
==================== Services (Whitelisted) =================
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-28 15:15 - 2014-04-28 15:16 - 00016250 _____ () C:\Users\steph\Downloads\FRST.txt
2014-04-28 15:14 - 2014-04-28 15:15 - 00000000 ____D () C:\FRST
2014-04-28 15:13 - 2014-04-28 15:14 - 02061824 _____ (Farbar) C:\Users\steph\Downloads\FRST64.exe
2014-04-26 15:04 - 2014-04-28 14:24 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001.job
2014-04-26 15:04 - 2014-04-26 15:04 - 00003588 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001
2014-04-26 15:04 - 2014-04-26 15:04 - 00002559 _____ () C:\Users\steph\Desktop\GoToMeeting Quick Connect.lnk
2014-04-26 15:03 - 2014-04-26 15:04 - 00000000 ____D () C:\Users\steph\AppData\Local\Citrix
2014-04-26 11:39 - 2014-04-26 11:39 - 00071398 _____ (jpshortstuff) C:\Users\steph\Downloads\GooredFix (1).exe
2014-04-26 11:37 - 2014-04-26 11:39 - 00000814 _____ () C:\Users\steph\Desktop\GooredFix.txt
2014-04-26 11:37 - 2014-04-26 11:39 - 00000000 ____D () C:\Users\steph\Desktop\GooredFix Backups
2014-04-26 11:36 - 2014-04-26 11:36 - 00071398 _____ (jpshortstuff) C:\Users\steph\Downloads\GooredFix.exe
2014-04-25 12:32 - 2014-04-25 12:32 - 00002116 _____ () C:\Users\steph\Downloads\attachment
2014-04-24 12:15 - 2014-04-24 12:28 - 100307736 _____ (Microsoft Corporation) C:\Users\steph\Downloads\msert (2).exe
2014-04-24 12:13 - 2014-04-24 12:13 - 00085075 _____ () C:\Users\steph\Downloads\msert (1).exe
2014-04-24 12:13 - 2014-04-24 12:13 - 00085073 _____ () C:\Users\steph\Downloads\msert.exe
2014-04-24 11:39 - 2014-04-24 11:39 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-24 11:38 - 2014-04-24 11:38 - 00002139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-24 11:35 - 2014-04-24 11:37 - 13829304 _____ (Microsoft Corporation) C:\Users\steph\Downloads\mseinstall.exe
2014-04-24 11:05 - 2014-04-24 11:07 - 00001188 _____ () C:\Users\steph\Desktop\Live PC Help.lnk
2014-04-24 10:46 - 2014-04-24 10:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\steph\Downloads\SpyHunter-Installer.exe
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 __SHD () C:\Users\steph\AppData\Local\EmieUserList
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 __SHD () C:\Users\steph\AppData\Local\EmieSiteList
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 ____D () C:\Users\steph\AppData\Roaming\rightbackup
2014-04-24 10:42 - 2014-04-24 11:07 - 00000000 ____D () C:\Users\steph\AppData\Roaming\systweak
2014-04-24 10:42 - 2014-04-21 14:51 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-24 10:41 - 2014-04-24 10:41 - 05046352 _____ (Systweak Inc ) C:\Users\steph\Downloads\rcp_dcomnew_sec_728.exe
2014-04-16 17:02 - 2014-03-06 03:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 17:02 - 2014-03-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 17:02 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 17:02 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 17:02 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 17:02 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 17:02 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 17:02 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 17:02 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 17:02 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 17:02 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 17:02 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 17:02 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 17:02 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 17:02 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 17:02 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 17:02 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 17:02 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 17:02 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 17:02 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 17:02 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 17:02 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 17:02 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 17:02 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 17:02 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 17:02 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 17:02 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 17:02 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 17:02 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 17:02 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 17:02 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 17:02 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 17:02 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 17:02 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 17:02 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 17:01 - 2014-03-06 02:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 17:01 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 17:01 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 17:01 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 17:01 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 17:01 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 17:01 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 17:01 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 17:01 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 17:01 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 17:01 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 17:01 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 17:01 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 18:03 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 18:03 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 18:03 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 18:03 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 18:03 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 18:02 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 18:02 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 18:02 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 18:02 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 18:02 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 18:02 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 18:02 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 17:56 - 2014-04-09 17:56 - 00467179 _____ () C:\Users\steph\Downloads\sydneys vaccination.htm
2014-04-09 17:56 - 2014-04-09 17:56 - 00000000 ____D () C:\Users\steph\Downloads\sydneys vaccination_files
2014-04-09 17:53 - 2014-04-09 17:53 - 00465114 _____ () C:\Users\steph\Downloads\sydneys rabies.htm
2014-04-09 17:53 - 2014-04-09 17:53 - 00000000 ____D () C:\Users\steph\Downloads\sydneys rabies_files
2014-04-09 17:51 - 2014-04-09 17:52 - 04877865 _____ () C:\Users\steph\Downloads\Attachments_201449.zip
 
==================== One Month Modified Files and Folders =======
 
2014-04-28 15:17 - 2013-12-31 09:09 - 00000000 ____D () C:\Users\steph\AppData\Roaming\uTorrent
2014-04-28 15:16 - 2014-04-28 15:15 - 00016250 _____ () C:\Users\steph\Downloads\FRST.txt
2014-04-28 15:16 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 15:16 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 15:15 - 2014-04-28 15:14 - 00000000 ____D () C:\FRST
2014-04-28 15:14 - 2014-04-28 15:13 - 02061824 _____ (Farbar) C:\Users\steph\Downloads\FRST64.exe
2014-04-28 15:08 - 2013-03-04 10:45 - 01480905 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 14:57 - 2014-01-17 13:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 14:55 - 2014-01-20 18:14 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001UA.job
2014-04-28 14:54 - 2014-01-01 17:54 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 14:30 - 2014-01-01 17:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 14:30 - 2013-03-04 11:01 - 00000000 ___HD () C:\ASUS.DAT
2014-04-28 14:29 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 14:29 - 2009-07-13 21:51 - 00042099 _____ () C:\Windows\setupact.log
2014-04-28 14:24 - 2014-04-26 15:04 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001.job
2014-04-28 14:24 - 2013-11-20 19:25 - 00000272 _____ () C:\Windows\Tasks\GreatArcadeHits.job
2014-04-28 11:37 - 2014-01-20 18:14 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001Core.job
2014-04-26 15:04 - 2014-04-26 15:04 - 00003588 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001
2014-04-26 15:04 - 2014-04-26 15:04 - 00002559 _____ () C:\Users\steph\Desktop\GoToMeeting Quick Connect.lnk
2014-04-26 15:04 - 2014-04-26 15:03 - 00000000 ____D () C:\Users\steph\AppData\Local\Citrix
2014-04-26 11:39 - 2014-04-26 11:39 - 00071398 _____ (jpshortstuff) C:\Users\steph\Downloads\GooredFix (1).exe
2014-04-26 11:39 - 2014-04-26 11:37 - 00000814 _____ () C:\Users\steph\Desktop\GooredFix.txt
2014-04-26 11:39 - 2014-04-26 11:37 - 00000000 ____D () C:\Users\steph\Desktop\GooredFix Backups
2014-04-26 11:36 - 2014-04-26 11:36 - 00071398 _____ (jpshortstuff) C:\Users\steph\Downloads\GooredFix.exe
2014-04-25 12:32 - 2014-04-25 12:32 - 00002116 _____ () C:\Users\steph\Downloads\attachment
2014-04-24 12:28 - 2014-04-24 12:15 - 100307736 _____ (Microsoft Corporation) C:\Users\steph\Downloads\msert (2).exe
2014-04-24 12:13 - 2014-04-24 12:13 - 00085075 _____ () C:\Users\steph\Downloads\msert (1).exe
2014-04-24 12:13 - 2014-04-24 12:13 - 00085073 _____ () C:\Users\steph\Downloads\msert.exe
2014-04-24 11:39 - 2014-04-24 11:39 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-24 11:38 - 2014-04-24 11:38 - 00002139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-24 11:37 - 2014-04-24 11:35 - 13829304 _____ (Microsoft Corporation) C:\Users\steph\Downloads\mseinstall.exe
2014-04-24 11:31 - 2013-12-31 09:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-24 11:31 - 2013-03-04 10:41 - 00583372 _____ () C:\Windows\PFRO.log
2014-04-24 11:07 - 2014-04-24 11:05 - 00001188 _____ () C:\Users\steph\Desktop\Live PC Help.lnk
2014-04-24 11:07 - 2014-04-24 10:42 - 00000000 ____D () C:\Users\steph\AppData\Roaming\systweak
2014-04-24 11:04 - 2013-03-04 11:01 - 00002176 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-24 10:46 - 2014-04-24 10:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\steph\Downloads\SpyHunter-Installer.exe
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 __SHD () C:\Users\steph\AppData\Local\EmieUserList
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 __SHD () C:\Users\steph\AppData\Local\EmieSiteList
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 ____D () C:\Users\steph\AppData\Roaming\rightbackup
2014-04-24 10:41 - 2014-04-24 10:41 - 05046352 _____ (Systweak Inc ) C:\Users\steph\Downloads\rcp_dcomnew_sec_728.exe
2014-04-24 10:36 - 2014-01-31 09:07 - 00000000 ____D () C:\Users\steph\AppData\Roaming\SoftGrid Client
2014-04-21 14:51 - 2014-04-24 10:42 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-20 00:18 - 2014-01-17 13:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-20 00:17 - 2014-01-17 13:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-20 00:17 - 2014-01-17 13:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 20:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 13:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 11:06 - 2013-11-21 23:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 11:03 - 2013-11-21 23:25 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 17:56 - 2014-04-09 17:56 - 00467179 _____ () C:\Users\steph\Downloads\sydneys vaccination.htm
2014-04-09 17:56 - 2014-04-09 17:56 - 00000000 ____D () C:\Users\steph\Downloads\sydneys vaccination_files
2014-04-09 17:53 - 2014-04-09 17:53 - 00465114 _____ () C:\Users\steph\Downloads\sydneys rabies.htm
2014-04-09 17:53 - 2014-04-09 17:53 - 00000000 ____D () C:\Users\steph\Downloads\sydneys rabies_files
2014-04-09 17:52 - 2014-04-09 17:51 - 04877865 _____ () C:\Users\steph\Downloads\Attachments_201449.zip
2014-04-08 13:15 - 2014-01-01 17:58 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-06 10:49 - 2014-01-01 17:54 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 10:49 - 2014-01-01 17:54 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-05 08:50 - 2014-01-20 18:14 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001UA
2014-04-05 08:50 - 2014-01-20 18:14 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001Core
 
Files to move or delete:
====================
C:\ProgramData\SetWallpaper.exe
 
 
Some content of TEMP:
====================
C:\Users\steph\AppData\Local\Temp\newsetup.exe
C:\Users\steph\AppData\Local\Temp\nsj9449.exe
C:\Users\steph\AppData\Local\Temp\nso99A7.exe
C:\Users\steph\AppData\Local\Temp\nsoCDB2.exe
C:\Users\steph\AppData\Local\Temp\nsyD419.exe
C:\Users\steph\AppData\Local\Temp\SHSetup.exe
C:\Users\steph\AppData\Local\Temp\SPSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-16 13:17
 
==================== End Of Log ============================


#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

The Additions.txt log should be in the same directory as this one was. However, if not, no worries. We'll get another scan later on in the process.

I'm currently reviewing your log and will post instructions soon. :thumbsup:

#7
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

We have some work to do, so let's get started.

There's a bit to do, so take your time and read through the instructions of each step. :thumbsup:


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (uTorrent) on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 1: Chrome Changes


Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, close the window.

Changing Chrome's Search Provider

We need to change your default Search Provider in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under Search and then click the box that has your current search provider listed. Change it from the malware related search engine to another (Such as Google.)
  • Once you have changed it, click on Manage Search Engines and delete goodsearch.com from the list.
  • Once you have removed it, close the window.

Remove Chrome Extensions

There is an extension in Chrome that needs to be removed. Please follow the instructions below to remove it.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extension in the list below by clicking the trash can icon beside it.

GreatArcadeHits


Step 2: Fix with Farbar's Recovery Scan Tool

Note: Before running this fix, please move FRST64.exe from C:\Users\steph\Downloads to your desktop.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
() C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
C:\Program Files (x86)\Social Privacy DNS
HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe [214016 2013-11-28] ()
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
C:\Program Files (x86)\SearchProtect
AppInit_DLLs-x32: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...5A34AB1DC&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
BHO-x32: Social Privacy - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp.dll ()
BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\steph\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\steph\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\
FF Extension: GreatArcadeHits Add-on - C:\Users\steph\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Social Privacy\FF\
FF Extension: Social Privacy - C:\Program Files (x86)\Social Privacy\FF\ []
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
2014-04-28 14:24 - 2013-11-20 19:25 - 00000272 _____ () C:\Windows\Tasks\GreatArcadeHits.job
C:\ProgramData\SetWallpaper.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt). Please post it in your next reply.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it, click Run as Administrator, and accept the UAC prompt) to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5: Fresh FRST Log

Start Farbar's Recovery Scan Tool and then place a check mark in the Additions box and then press the Scan button.

FRST will scan your system and produce 2 logs: FRST Log and Additions.txt Log. Please post both in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

AdwCleaner Log

Junkware Removal Tool Log

Fresh FRST Log

Fresh Additions.txt Log

Question: How is the computer running now?

  • 0
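
The log review behind the fixlist in the post above can be partly automated. The Python script below is an added example, not part of the original post and not FRST's own logic: it parses FRST-style "key => target" lines copied from this thread's logs and flags autostart entries, and its regular expressions and review rules are assumptions of this example.

```python
"""Triage FRST-style autostart lines (added example, not FRST's own logic)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the FRST logs and the fixlist in this thread.
SAMPLE_LOG = r"""
Task: {0E32453E-00FD-4829-BFD6-A8F883E25DDA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {54907FDB-6F07-4FAE-A60C-1ED04AB5A911} - System32\Tasks\GreatArcadeHits => C:\Users\steph\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2014-01-30] () <==== ATTENTION
Task: {EAD64A78-6C7C-4893-80D7-A2A2E5282906} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001UA => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe [214016 2013-11-28] ()
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
"""

# key => target [meta] (company) [File Not Found] [<==== ATTENTION]
# The target is matched lazily so that "(x86)" inside a path is not
# mistaken for the trailing company-name field.
ENTRY_RE = re.compile(
    r"^(?P<key>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<meta>[^\]]*)\])?"
    r"(?: \((?P<publisher>[^()]*)\))?"
    r"(?P<missing> File Not Found)?"
    r"(?P<attention> <==== ATTENTION)?$"
)

# Locations a standard user can write to without elevation (assumed rule set).
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.IGNORECASE
)

ATTENTION = "FRST ATTENTION marker"
MISSING = "target file missing (orphaned entry)"
NO_COMPANY = "no company name on target"
USER_WRITABLE = "runs from a user-writable path"


@dataclass
class Entry:
    key: str
    target: str
    publisher: Optional[str]  # None = field absent, "" = present but empty
    attention: bool
    missing: bool


def parse(log_text: str) -> List[Entry]:
    """Extract every 'key => target' line; headers and blanks are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(
                key=m["key"],
                target=m["target"].strip('"'),
                publisher=m["publisher"],
                attention=bool(m["attention"]),
                missing=bool(m["missing"]),
            ))
    return entries


def reasons(entry: Entry) -> List[str]:
    """Return the review reasons that apply to one entry (may be empty)."""
    found = []
    if entry.attention:
        found.append(ATTENTION)
    if entry.missing:
        found.append(MISSING)
    if entry.publisher == "":
        found.append(NO_COMPANY)
        # A user-writable path alone is too noisy (per-user updaters live
        # there), so it is reported only together with an empty company name.
        if USER_WRITABLE_RE.search(entry.target):
            found.append(USER_WRITABLE)
    return found


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each entry key to its reasons, keeping only flagged entries."""
    flagged = {}
    for entry in parse(log_text):
        why = reasons(entry)
        if why:
            flagged[entry.key] = why
    return flagged


if __name__ == "__main__":
    for key, why in triage(SAMPLE_LOG).items():
        print(f"{key}\n    -> {'; '.join(why)}")
```

The company name is version metadata that a file supplies about itself, not a verified signature, so a populated field only lowers an entry's priority for review and does not clear it.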

#8
steph13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by steph at 2014-04-28 15:17:28
Running from C:\Users\steph\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.16 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
Social Privacy (HKLM-x32\...\[email protected]) (Version:  - )
Social Privacy DNS (HKLM-x32\...\dnsshield) (Version:  - )
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
 
==================== Restore Points  =========================
 
24-04-2014 18:17:23 Windows Update
27-04-2014 18:23:00 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0E32453E-00FD-4829-BFD6-A8F883E25DDA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {54907FDB-6F07-4FAE-A60C-1ED04AB5A911} - System32\Tasks\GreatArcadeHits => C:\Users\steph\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2014-01-30] () <==== ATTENTION
Task: {802CF01F-1A70-43C5-B82A-DBEB9FAE728C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {80E17AFA-0336-4495-9109-219B1017A4E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20] (Adobe Systems Incorporated)
Task: {93176498-1603-4697-86CA-AF000A82599F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {AB642FBE-89F7-4016-B617-9164EB75E789} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {B3E3222F-73D7-4C58-BE5E-69F28C611A07} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {BA34E45F-6110-4011-80A5-4BC6DC710FB7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {C2104414-7BA7-4373-BD5C-D79DFC824F9D} - System32\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001 => C:\Users\steph\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-04-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EAD64A78-6C7C-4893-80D7-A2A2E5282906} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001UA => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {FEEE2E63-9648-4CF6-A71D-3DC7283A741A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001Core => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001.job => C:\Users\steph\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001Core.job => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001UA.job => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GreatArcadeHits.job => C:\Users\steph\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-10-15 15:39 - 2011-05-05 05:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-10-15 15:39 - 2011-09-15 20:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-28 22:14 - 2013-11-28 22:14 - 00214016 _____ () C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
2014-04-08 13:15 - 2014-04-01 18:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2007-07-12 11:11 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files (x86)\Asus\Wireless Console 3\acAuth.dll
2014-04-08 13:15 - 2014-04-01 18:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-08 13:15 - 2014-04-01 18:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-08 13:15 - 2014-04-01 18:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-08 13:15 - 2014-04-01 18:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-08 13:15 - 2014-04-01 18:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-04-08 13:15 - 2014-04-01 18:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/28/2014 11:29:12 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (04/19/2014 02:11:14 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (04/09/2014 05:50:05 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 ErrorCode: 14007(0x36b7).
 
Error: (04/07/2014 00:19:17 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/31/2014 02:47:01 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/24/2014 06:48:06 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/22/2014 00:04:08 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/22/2014 11:33:59 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/19/2014 05:35:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: cltmngui.exe, version: 2.11.11.7, time stamp: 0x531483bc
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x644
Faulting application start time: 0xcltmngui.exe0
Faulting application path: cltmngui.exe1
Faulting module path: cltmngui.exe2
Report Id: cltmngui.exe3
 
Error: (03/11/2014 01:12:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: cltmngui.exe, version: 2.11.11.7, time stamp: 0x531483bc
Faulting module name: RPCRT4.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0001901e
Faulting process id: 0x1b54
Faulting application start time: 0xcltmngui.exe0
Faulting application path: cltmngui.exe1
Faulting module path: cltmngui.exe2
Report Id: cltmngui.exe3
 
 
System errors:
=============
Error: (04/28/2014 02:29:50 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2
 
Error: (04/28/2014 02:29:32 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:28:16 PM on 4/28/2014 was unexpected.
 
Error: (04/26/2014 11:53:41 AM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2
 
Error: (04/24/2014 11:31:49 AM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2
 
Error: (04/24/2014 11:28:17 AM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (04/24/2014 11:03:31 AM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2
 
Error: (04/24/2014 11:00:36 AM) (Source: DCOM) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (04/24/2014 10:47:08 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/24/2014 10:47:07 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/24/2014 10:47:07 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (04/28/2014 11:29:12 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (04/19/2014 02:11:14 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (04/09/2014 05:50:05 PM) (Source: CVHSVC)(User: )
Description: Error: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 ErrorCode: 14007(0x36b7).
 
Error: (04/07/2014 00:19:17 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/31/2014 02:47:01 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/24/2014 06:48:06 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/22/2014 00:04:08 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/22/2014 11:33:59 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (03/19/2014 05:35:29 PM) (Source: Application Error)(User: )
Description: cltmngui.exe2.11.11.7531483bcole32.dll6.1.7601.175144ce7b96fc00000050003934264401cf43d42153070aC:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exeC:\Windows\syswow64\ole32.dll85ca5f9f-afc7-11e3-b75a-10bf4821873d
 
Error: (03/11/2014 01:12:52 PM) (Source: Application Error)(User: )
Description: cltmngui.exe2.11.11.7531483bcRPCRT4.dll6.1.7601.1820551db9710c00000050001901e1b5401cf39670f28c3e4C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exeC:\Windows\syswow64\RPCRT4.dll862fed98-a959-11e3-83d0-10bf4821873d
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 44%
Total physical RAM: 4000.13 MB
Available physical RAM: 2225.04 MB
Total Pagefile: 7998.43 MB
Available Pagefile: 5977.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:295.67 GB) (Free:203.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:145.09 GB) (Free:144.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: EF790277)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=296 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=145 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#9
steph13

    New Member

  • Topic Starter
  • Member
  • 6 posts

Finally found the Addition log; wasn't sure if you still wanted to see it.



#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
That's fine, thank you. :thumbsup: Go ahead with the steps and post the logs at your convenience.

#11
steph13

    New Member

  • Topic Starter
  • Member
  • 6 posts
Start
() C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
C:\Program Files (x86)\Social Privacy DNS
HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe [214016 2013-11-28] ()
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
C:\Program Files (x86)\SearchProtect
AppInit_DLLs-x32: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...5A34AB1DC&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
BHO-x32: Social Privacy - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp.dll ()
BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\steph\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\steph\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\
FF Extension: GreatArcadeHits Add-on - C:\Users\steph\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Social Privacy\FF\
FF Extension: Social Privacy - C:\Program Files (x86)\Social Privacy\FF\ []
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
2014-04-28 14:24 - 2013-11-20 19:25 - 00000272 _____ () C:\Windows\Tasks\GreatArcadeHits.job
C:\ProgramData\SetWallpaper.exe
End
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by steph on Thu 05/01/2014 at 14:27:19.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\social privacy"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/01/2014 at 14:43:30.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014 02
Ran by steph (administrator) on STEPH-PC on 01-05-2014 14:47:18
Running from C:\Users\steph\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\Asus\InstantOn for NB\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\Asus\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\Asus\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe [214016 2013-11-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-01] (Microsoft Corporation)
HKU\S-1-5-21-4010653172-623774165-1176597284-1001\...\Run: [Google Update] => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-20] (Google Inc.)
HKU\S-1-5-21-4010653172-623774165-1176597284-1001\...\Run: [GoogleChromeAutoLaunch_F93EFB3DD44213C0D4E7C2DEA6F95C5C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
AppInit_DLLs-x32: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => "C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Social Privacy - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp.dll No File
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\steph\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3BD90CE2-2058-41CD-8FD8-3637A49D5CA7}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{74F9D3B9-726F-4F04-B58C-7ABA91CBE8D0}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{79056CFD-8C06-4990-8D76-397229840373}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{84B157F0-3AD5-4883-8A82-AFE96AFEF7FD}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\steph\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\steph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\steph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\steph\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\steph\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\steph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\steph\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\steph\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\
FF Extension: GreatArcadeHits Add-on - C:\Users\steph\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Social Privacy\FF\
 
Chrome: 
=======
CHR HomePage: hxxp://www.yahoo.com/
CHR StartupUrls: "hxxp://google.com/"
CHR Extension: (Google Docs) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-20]
CHR Extension: (Google Drive) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-20]
CHR Extension: (YouTube) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-20]
CHR Extension: (Google Search) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-20]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2014-01-01]
CHR Extension: (InvisibleHand) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-01-01]
CHR Extension: (Google Wallet) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (Gmail) - C:\Users\steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files (x86)\pandasecuritytb\chrome-newtab-search.crx [2013-11-20]
 
==================== Services (Whitelisted) =================
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-01 14:47 - 2014-05-01 14:47 - 00000000 ____D () C:\Users\steph\Downloads\FRST-OlderVersion
2014-05-01 14:43 - 2014-05-01 14:43 - 00000707 _____ () C:\Users\steph\Desktop\JRT.txt
2014-05-01 14:27 - 2014-05-01 14:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 14:26 - 2014-05-01 14:26 - 01016261 _____ (Thisisu) C:\Users\steph\Downloads\JRT.exe
2014-05-01 14:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-01 14:09 - 2014-05-01 14:13 - 00000000 ____D () C:\AdwCleaner
2014-05-01 14:08 - 2014-05-01 14:09 - 01310621 _____ () C:\Users\steph\Downloads\adwcleaner.exe
2014-05-01 10:39 - 2014-05-01 10:39 - 00001886 _____ () C:\Users\steph\Desktop\fixlist.txt
2014-05-01 10:11 - 2014-05-01 10:11 - 00000000 ____D () C:\Users\steph\AppData\Roaming\Mozilla
2014-04-28 16:11 - 2014-04-28 16:11 - 583655120 _____ () C:\Windows\MEMORY.DMP
2014-04-28 16:11 - 2014-04-28 16:11 - 00262144 _____ () C:\Windows\Minidump\042814-17238-01.dmp
2014-04-28 16:11 - 2014-04-28 16:11 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 15:38 - 2014-04-28 15:39 - 04745728 _____ (AVAST Software) C:\Users\steph\Downloads\aswmbr.exe
2014-04-28 15:17 - 2014-04-28 15:18 - 00025945 _____ () C:\Users\steph\Downloads\Addition.txt
2014-04-28 15:15 - 2014-05-01 14:47 - 00014423 _____ () C:\Users\steph\Downloads\FRST.txt
2014-04-28 15:14 - 2014-05-01 14:47 - 00000000 ____D () C:\FRST
2014-04-28 15:13 - 2014-05-01 14:47 - 02062336 _____ (Farbar) C:\Users\steph\Downloads\FRST64.exe
2014-04-26 15:04 - 2014-05-01 14:21 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001.job
2014-04-26 15:04 - 2014-04-26 15:04 - 00003588 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001
2014-04-26 15:04 - 2014-04-26 15:04 - 00002559 _____ () C:\Users\steph\Desktop\GoToMeeting Quick Connect.lnk
2014-04-26 15:03 - 2014-04-26 15:04 - 00000000 ____D () C:\Users\steph\AppData\Local\Citrix
2014-04-26 11:39 - 2014-04-26 11:39 - 00071398 _____ (jpshortstuff) C:\Users\steph\Downloads\GooredFix (1).exe
2014-04-26 11:37 - 2014-04-26 11:39 - 00000000 ____D () C:\Users\steph\Desktop\GooredFix Backups
2014-04-26 11:36 - 2014-04-26 11:36 - 00071398 _____ (jpshortstuff) C:\Users\steph\Downloads\GooredFix.exe
2014-04-25 12:32 - 2014-04-25 12:32 - 00002116 _____ () C:\Users\steph\Downloads\attachment
2014-04-24 12:15 - 2014-04-24 12:28 - 100307736 _____ (Microsoft Corporation) C:\Users\steph\Downloads\msert (2).exe
2014-04-24 12:13 - 2014-04-24 12:13 - 00085075 _____ () C:\Users\steph\Downloads\msert (1).exe
2014-04-24 12:13 - 2014-04-24 12:13 - 00085073 _____ () C:\Users\steph\Downloads\msert.exe
2014-04-24 11:39 - 2014-04-24 11:39 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-24 11:38 - 2014-04-24 11:38 - 00002139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-24 11:35 - 2014-04-24 11:37 - 13829304 _____ (Microsoft Corporation) C:\Users\steph\Downloads\mseinstall.exe
2014-04-24 11:05 - 2014-04-24 11:07 - 00001188 _____ () C:\Users\steph\Desktop\Live PC Help.lnk
2014-04-24 10:46 - 2014-04-24 10:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\steph\Downloads\SpyHunter-Installer.exe
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 __SHD () C:\Users\steph\AppData\Local\EmieUserList
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 __SHD () C:\Users\steph\AppData\Local\EmieSiteList
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 ____D () C:\Users\steph\AppData\Roaming\rightbackup
2014-04-24 10:41 - 2014-04-24 10:41 - 05046352 _____ (Systweak Inc ) C:\Users\steph\Downloads\rcp_dcomnew_sec_728.exe
2014-04-16 17:02 - 2014-03-06 03:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 17:02 - 2014-03-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 17:02 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 17:02 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 17:02 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 17:02 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 17:02 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 17:02 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 17:02 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 17:02 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 17:02 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 17:02 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 17:02 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 17:02 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 17:02 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 17:02 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 17:02 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 17:02 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 17:02 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 17:02 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 17:02 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 17:02 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 17:02 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 17:02 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 17:02 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 17:02 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 17:02 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 17:02 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 17:02 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 17:02 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 17:02 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 17:02 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 17:02 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 17:02 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 17:02 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 17:01 - 2014-03-06 02:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 17:01 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 17:01 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 17:01 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 17:01 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 17:01 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 17:01 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 17:01 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 17:01 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 17:01 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 17:01 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 17:01 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 17:01 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 18:03 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 18:03 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 18:03 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 18:03 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 18:03 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 18:02 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 18:02 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 18:02 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 18:02 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 18:02 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 18:02 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 18:02 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 18:02 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 17:56 - 2014-04-09 17:56 - 00467179 _____ () C:\Users\steph\Downloads\sydneys vaccination.htm
2014-04-09 17:56 - 2014-04-09 17:56 - 00000000 ____D () C:\Users\steph\Downloads\sydneys vaccination_files
2014-04-09 17:53 - 2014-04-09 17:53 - 00465114 _____ () C:\Users\steph\Downloads\sydneys rabies.htm
2014-04-09 17:53 - 2014-04-09 17:53 - 00000000 ____D () C:\Users\steph\Downloads\sydneys rabies_files
2014-04-09 17:51 - 2014-04-09 17:52 - 04877865 _____ () C:\Users\steph\Downloads\Attachments_201449.zip
 
==================== One Month Modified Files and Folders =======
 
2014-05-01 14:47 - 2014-05-01 14:47 - 00000000 ____D () C:\Users\steph\Downloads\FRST-OlderVersion
2014-05-01 14:47 - 2014-04-28 15:15 - 00014423 _____ () C:\Users\steph\Downloads\FRST.txt
2014-05-01 14:47 - 2014-04-28 15:14 - 00000000 ____D () C:\FRST
2014-05-01 14:47 - 2014-04-28 15:13 - 02062336 _____ (Farbar) C:\Users\steph\Downloads\FRST64.exe
2014-05-01 14:43 - 2014-05-01 14:43 - 00000707 _____ () C:\Users\steph\Desktop\JRT.txt
2014-05-01 14:31 - 2013-03-04 10:45 - 01576118 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 14:27 - 2014-05-01 14:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 14:26 - 2014-05-01 14:26 - 01016261 _____ (Thisisu) C:\Users\steph\Downloads\JRT.exe
2014-05-01 14:22 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-01 14:22 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-01 14:21 - 2014-04-26 15:04 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001.job
2014-05-01 14:16 - 2014-01-01 17:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-01 14:16 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-01 14:15 - 2013-03-04 11:01 - 00000000 ___HD () C:\ASUS.DAT
2014-05-01 14:15 - 2009-07-13 22:08 - 00014910 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-01 14:14 - 2013-03-04 10:41 - 00583682 _____ () C:\Windows\PFRO.log
2014-05-01 14:14 - 2009-07-13 21:51 - 00042267 _____ () C:\Windows\setupact.log
2014-05-01 14:13 - 2014-05-01 14:09 - 00000000 ____D () C:\AdwCleaner
2014-05-01 14:09 - 2014-05-01 14:08 - 01310621 _____ () C:\Users\steph\Downloads\adwcleaner.exe
2014-05-01 14:01 - 2014-01-20 18:14 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001UA.job
2014-05-01 14:01 - 2014-01-17 13:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 14:01 - 2014-01-01 17:54 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 12:33 - 2013-11-20 19:25 - 00000272 _____ () C:\Windows\Tasks\GreatArcadeHits.job
2014-05-01 10:39 - 2014-05-01 10:39 - 00001886 _____ () C:\Users\steph\Desktop\fixlist.txt
2014-05-01 10:24 - 2013-12-31 09:09 - 00000000 ____D () C:\Users\steph\AppData\Roaming\uTorrent
2014-05-01 10:15 - 2014-01-20 18:14 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001Core.job
2014-05-01 10:11 - 2014-05-01 10:11 - 00000000 ____D () C:\Users\steph\AppData\Roaming\Mozilla
2014-04-29 11:22 - 2014-01-01 17:58 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-28 16:11 - 2014-04-28 16:11 - 583655120 _____ () C:\Windows\MEMORY.DMP
2014-04-28 16:11 - 2014-04-28 16:11 - 00262144 _____ () C:\Windows\Minidump\042814-17238-01.dmp
2014-04-28 16:11 - 2014-04-28 16:11 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 15:39 - 2014-04-28 15:38 - 04745728 _____ (AVAST Software) C:\Users\steph\Downloads\aswmbr.exe
2014-04-28 15:18 - 2014-04-28 15:17 - 00025945 _____ () C:\Users\steph\Downloads\Addition.txt
2014-04-26 15:04 - 2014-04-26 15:04 - 00003588 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001
2014-04-26 15:04 - 2014-04-26 15:04 - 00002559 _____ () C:\Users\steph\Desktop\GoToMeeting Quick Connect.lnk
2014-04-26 15:04 - 2014-04-26 15:03 - 00000000 ____D () C:\Users\steph\AppData\Local\Citrix
2014-04-26 11:39 - 2014-04-26 11:39 - 00071398 _____ (jpshortstuff) C:\Users\steph\Downloads\GooredFix (1).exe
2014-04-26 11:39 - 2014-04-26 11:37 - 00000000 ____D () C:\Users\steph\Desktop\GooredFix Backups
2014-04-26 11:36 - 2014-04-26 11:36 - 00071398 _____ (jpshortstuff) C:\Users\steph\Downloads\GooredFix.exe
2014-04-25 12:32 - 2014-04-25 12:32 - 00002116 _____ () C:\Users\steph\Downloads\attachment
2014-04-24 12:28 - 2014-04-24 12:15 - 100307736 _____ (Microsoft Corporation) C:\Users\steph\Downloads\msert (2).exe
2014-04-24 12:13 - 2014-04-24 12:13 - 00085075 _____ () C:\Users\steph\Downloads\msert (1).exe
2014-04-24 12:13 - 2014-04-24 12:13 - 00085073 _____ () C:\Users\steph\Downloads\msert.exe
2014-04-24 11:39 - 2014-04-24 11:39 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-24 11:38 - 2014-04-24 11:38 - 00002139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-24 11:38 - 2014-04-24 11:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-24 11:37 - 2014-04-24 11:35 - 13829304 _____ (Microsoft Corporation) C:\Users\steph\Downloads\mseinstall.exe
2014-04-24 11:31 - 2013-12-31 09:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-24 11:07 - 2014-04-24 11:05 - 00001188 _____ () C:\Users\steph\Desktop\Live PC Help.lnk
2014-04-24 11:04 - 2013-03-04 11:01 - 00002176 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-24 10:46 - 2014-04-24 10:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\steph\Downloads\SpyHunter-Installer.exe
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 __SHD () C:\Users\steph\AppData\Local\EmieUserList
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 __SHD () C:\Users\steph\AppData\Local\EmieSiteList
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 ____D () C:\Users\steph\AppData\Roaming\rightbackup
2014-04-24 10:41 - 2014-04-24 10:41 - 05046352 _____ (Systweak Inc ) C:\Users\steph\Downloads\rcp_dcomnew_sec_728.exe
2014-04-24 10:36 - 2014-01-31 09:07 - 00000000 ____D () C:\Users\steph\AppData\Roaming\SoftGrid Client
2014-04-20 00:18 - 2014-01-17 13:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-20 00:17 - 2014-01-17 13:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-20 00:17 - 2014-01-17 13:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 20:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 13:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 11:06 - 2013-11-21 23:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 11:03 - 2013-11-21 23:25 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 17:56 - 2014-04-09 17:56 - 00467179 _____ () C:\Users\steph\Downloads\sydneys vaccination.htm
2014-04-09 17:56 - 2014-04-09 17:56 - 00000000 ____D () C:\Users\steph\Downloads\sydneys vaccination_files
2014-04-09 17:53 - 2014-04-09 17:53 - 00465114 _____ () C:\Users\steph\Downloads\sydneys rabies.htm
2014-04-09 17:53 - 2014-04-09 17:53 - 00000000 ____D () C:\Users\steph\Downloads\sydneys rabies_files
2014-04-09 17:52 - 2014-04-09 17:51 - 04877865 _____ () C:\Users\steph\Downloads\Attachments_201449.zip
2014-04-06 10:49 - 2014-01-01 17:54 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 10:49 - 2014-01-01 17:54 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-05 08:50 - 2014-01-20 18:14 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001UA
2014-04-05 08:50 - 2014-01-20 18:14 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001Core
 
Files to move or delete:
====================
C:\ProgramData\SetWallpaper.exe
 
 
Some content of TEMP:
====================
C:\Users\steph\AppData\Local\Temp\newsetup.exe
C:\Users\steph\AppData\Local\Temp\nsj9449.exe
C:\Users\steph\AppData\Local\Temp\nso99A7.exe
C:\Users\steph\AppData\Local\Temp\nsoCDB2.exe
C:\Users\steph\AppData\Local\Temp\nsyD419.exe
C:\Users\steph\AppData\Local\Temp\Quarantine.exe
C:\Users\steph\AppData\Local\Temp\SHSetup.exe
C:\Users\steph\AppData\Local\Temp\SPSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-16 13:17
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2014 02
Ran by steph at 2014-05-01 14:48:15
Running from C:\Users\steph\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.16 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
Social Privacy (HKLM-x32\...\[email protected]) (Version:  - )
Social Privacy DNS (HKLM-x32\...\dnsshield) (Version:  - )
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
 
==================== Restore Points  =========================
 
24-04-2014 18:17:23 Windows Update
27-04-2014 18:23:00 Windows Update
01-05-2014 17:16:36 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0E32453E-00FD-4829-BFD6-A8F883E25DDA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {54907FDB-6F07-4FAE-A60C-1ED04AB5A911} - System32\Tasks\GreatArcadeHits => C:\Users\steph\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2014-01-30] () <==== ATTENTION
Task: {802CF01F-1A70-43C5-B82A-DBEB9FAE728C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {80E17AFA-0336-4495-9109-219B1017A4E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20] (Adobe Systems Incorporated)
Task: {93176498-1603-4697-86CA-AF000A82599F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {AB642FBE-89F7-4016-B617-9164EB75E789} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {B3E3222F-73D7-4C58-BE5E-69F28C611A07} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {BA34E45F-6110-4011-80A5-4BC6DC710FB7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {C2104414-7BA7-4373-BD5C-D79DFC824F9D} - System32\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001 => C:\Users\steph\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-04-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EAD64A78-6C7C-4893-80D7-A2A2E5282906} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001UA => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {FEEE2E63-9648-4CF6-A71D-3DC7283A741A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001Core => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4010653172-623774165-1176597284-1001.job => C:\Users\steph\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001Core.job => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4010653172-623774165-1176597284-1001UA.job => C:\Users\steph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GreatArcadeHits.job => C:\Users\steph\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-15 15:39 - 2011-05-05 05:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-10-15 15:39 - 2011-09-15 20:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-28 22:14 - 2013-11-28 22:14 - 00214016 _____ () C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
2007-07-12 11:11 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files (x86)\Asus\Wireless Console 3\acAuth.dll
2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-04-29 11:22 - 2014-04-23 17:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-29 11:22 - 2014-04-23 17:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-29 11:22 - 2014-04-23 17:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-29 11:22 - 2014-04-23 17:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-29 11:22 - 2014-04-23 17:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-29 11:22 - 2014-04-23 17:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-29 11:22 - 2014-04-23 17:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 40%
Total physical RAM: 4000.13 MB
Available physical RAM: 2387.2 MB
Total Pagefile: 7998.43 MB
Available Pagefile: 6060.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:295.67 GB) (Free:202.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:145.09 GB) (Free:144.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: EF790277)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=296 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=145 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
 
 
I can't find the adwcleaner log

  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

Please re-read and re-run Step 2: Fix with Farbar's Recovery Scan tool. What you've done is posted the contents of the fix.

The AdwCleaner log is located here: This report is also saved at C:\AdwCleaner[R0].txt :thumbsup:

Things I need to see in your next post

Fixlog.txt

AdwCleaner Log

  • 0

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





