Can anyone help me with this REPLICATING VIRUS?

August 2, 2013 at 02:15:19
Specs: Windows 8
I also have the same problem. I am using Windows 8. Here are the logs that came up after I ran the DDS. Please help. Thanks.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 12/5/2012 2:40:32 AM
System Uptime: 8/1/2013 10:14:59 PM (19 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | K55VD
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz | SOCKET 0 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 0.001 GiB free.
D: is FIXED (NTFS) - 394 GiB total, 116.566 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 932 GiB total, 764.43 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: USB\VID_13D3&PID_3362\ALASKA_DAY_2006
Manufacturer:
Name:
PNP Device ID: USB\VID_13D3&PID_3362\ALASKA_DAY_2006
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
µTorrent
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.7) MUI
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Assassin's Creed ® III
ASUS AI Recovery
ASUS FaceLogon
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS Virtual Touch
ASUS WebStorage
ASUSDVD
AsusVibe2.0
ATK Package
AutoCAD 2013 - English
AutoCAD 2013 Language Pack - English
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Design Review 2013
Autodesk Inventor Fusion 2013
Autodesk Inventor Fusion plug-in for AutoCAD 2013
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Sync
Battle Realms
Bing Bar
BlueStacks Notification Center
Bonjour
Bubbletown
Call of Duty Black Ops II
Combined Community Codec Pack 2012-12-30
Company of Heroes 2
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Crysis® 2
Crysis® 3
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
DAEMON Tools Lite
Dead Island Riptide 1.1.0
Dead Space™ 3
Deadtime Stories
DefaultTab
Dishonored
Dream Day First Home
Dream Vacation Solitaire
EVGA Precision X 4.0.0
Facebook Video Calling 1.2.0.287
Far Cry 3
Farm Frenzy 3 - Madagascar
FARO LS 1.1.406.58
FIFA 13 Crack
Front Mission Evolved
Galapago
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Game Park Console
Garena - Heroes of Newerth
Garena Plus
Go Go Gourmet Chef of the Year
Google Chrome
Google Update Helper
Grand Theft Auto IV
Hitman Absolution
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
Mahjong Memoirs
Mass Effect 3
Mesh Runtime
Metro: Last Light (c) Deep Silver version 1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
myBitCast 1.0.0.3
NBA 2K13
NBA 2K13 Crack
Need for Speed™ Carbon
NVIDIA Control Panel 326.19
NVIDIA GeForce Experience 1.6
NVIDIA Graphics Driver 326.19
NVIDIA Install Application
NVIDIA Optimus 7.2.17
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Update 7.2.17
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.1
OpenAL
Plants vs Zombies
PunkBuster Services
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Qualcomm Atheros WiFi Driver Installation
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
SceneSwitch
Secure Download Manager
SHIELD Streaming
Silent Hill Homecoming
Skype Click to Call
Skype™ 6.5
Sniper: Ghost Warrior 2
Spec Ops The Line
SpeedFan (remove only)
Star Wars: The Force Unleashed 2
Steam
System Requirements Lab CYRI
The Sims™ 3
Titanium Internet Security
Tom Clancy's H.A.W.X. 2
Tomb Raider
Trend Micro Titanium
Turbo Fiesta
Uplay
uTorrentControl_v2 Toolbar
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
Viber
VirtualDJ Home FREE
VLC media player 2.0.5
WebCake 3.00
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR 4.20 (32-bit)
WinRAR 4.20 (64-bit)
Wireless Console 3
World of Goo
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/2/2013 3:02:27 AM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
8/1/2013 8:48:04 PM, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application User Notification Service service hung on starting.
8/1/2013 10:18:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Trend Micro Solution Platform service to connect.
8/1/2013 10:18:18 PM, Error: Service Control Manager [7000] - The Trend Micro Solution Platform service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/1/2013 10:17:26 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with the following service-specific error: There are no more endpoints available from the endpoint mapper.
8/1/2013 10:17:20 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
8/1/2013 10:16:25 PM, Error: Service Control Manager [7000] - The Globe Tattoo Broadband. OUC service failed to start due to the following error: The system cannot find the file specified.
8/1/2013 10:14:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.
7/31/2013 10:12:32 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
7/30/2013 8:26:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
7/30/2013 8:26:40 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

AND THIS IS THE OTHER ===============


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.25.2
Run by john edmund at 17:07:11 on 2013-08-02
Microsoft Windows 8 Pro 6.2.9200.0.1252.63.1033.18.3982.1259 [GMT 8:00]
.
AV: Titanium Internet Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Titanium Internet Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\WINDOWS\system32\dashost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\john edmund\AppData\Local\Akamai\netsession_win.exe
D:\uTorrent.exe
C:\Users\john edmund\AppData\Roaming\WebCake\WebCakeDesktop.exe
D:\STEAM\Steam.exe
C:\Users\john edmund\AppData\Local\Akamai\netsession_win.exe
C:\WINDOWS\SysWOW64\WScript.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\AdminService.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\CCleaner64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=E0945E85DE320805
uDefault_Page_URL = hxxp://asus.msn.com
uProxyOverride = <local>;*.local
uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - LocalServer32 - <no file>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - LocalServer32 - <no file>
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Akamai NetSession Interface] "C:\Users\john edmund\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [uTorrent] "D:\uTorrent.exe" /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Viber] "C:\Users\john edmund\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [WebCake Desktop] "C:\Users\john edmund\AppData\Roaming\WebCake\WebCakeDesktop.exe"
uRun: [Steam] "D:\STEAM\Steam.exe" -silent
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe] C:\ProgramData\Adobe\97C3E8D.vbe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
StartupFolder: C:\Users\john edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: HideSCAHealth = dword:1
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 121.1.3.81 121.1.3.16 121.1.3.66
TCP: Interfaces\{201133BC-8A28-40D4-971F-FCF0C071A237} : DHCPNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
TCP: Interfaces\{4DD3553D-20B8-4533-9519-84E946BA014C}\05C44445D4974435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4DD3553D-20B8-4533-9519-84E946BA014C}\24F4747435 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4DD3553D-20B8-4533-9519-84E946BA014C}\44D4050545F425255435 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4DD3553D-20B8-4533-9519-84E946BA014C}\6796275737030373 : DHCPNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
TCP: Interfaces\{4DD3553D-20B8-4533-9519-84E946BA014C}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4DD3553D-20B8-4533-9519-84E946BA014C}\D4140555140264275656027596D26696 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{4DD3553D-20B8-4533-9519-84E946BA014C}\F40756E6752747 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\WINDOWS\SysWOW64\nvinit.dll, C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-mPolicies-Explorer: HideSCAHealth = dword:1
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\
FF - prefs.js: browser.search.selectedEngine - Search Here
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\john edmund\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
FF - plugin: D:\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Tom Clancys HAWX 2\orbitlauncher\npuplaypc.dll
FF - plugin: D:\Tom Clancys HAWX 2\orbitlauncher\npuplaypchub.dll
FF - plugin: D:\VLC\npvlc.dll
FF - ExtSQL: 2013-06-23 23:47; torntv2@torntv.com; C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\extensions\torntv2@torntv.com.xpi
FF - ExtSQL: 2013-06-23 23:48; plugin@getwebcake.com; C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\extensions\plugin@getwebcake.com
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.webcake.installId - 095bfc2a-34c6-47ff-863d-35d78f8b2b24
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - e094a2d20000000000005e85de320805
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15879
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.523:48:39
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\Drivers\nvpciflt.sys [2013-7-19 30496]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-8 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\System32\Drivers\dtsoftbus01.sys [2012-12-4 283200]
R1 tmevtmgr;tmevtmgr;C:\WINDOWS\System32\Drivers\tmevtmgr.sys [2012-3-10 77184]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\Drivers\aswFsBlk.sys [2012-11-27 25232]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\Drivers\aswMonFlt.sys [2012-11-27 71064]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-7-4 393032]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-7-4 70984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-7-4 384840]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-3-17 107520]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-22 2451456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-7-31 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-7-31 161560]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-1 14984480]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-31 363800]
R2 WebCake Desktop Updater;WebCake Desktop Updater;C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [2013-6-23 23552]
R3 AiCharger;ASUS Charger Driver;C:\WINDOWS\System32\Drivers\AiCharger.sys [2012-7-31 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 huawei_enumerator;huawei_enumerator;C:\WINDOWS\System32\Drivers\ew_jubusenum.sys [2013-4-7 87040]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\Drivers\nvvad64v.sys [2013-8-1 39712]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\WINDOWS\System32\Drivers\RtsBaStor.sys [2013-1-22 295056]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 Sftfs;Sftfs;C:\WINDOWS\System32\Drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\WINDOWS\System32\Drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\WINDOWS\System32\Drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\WINDOWS\System32\Drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R4 AtherosSvc;AtherosSvc;C:\WINDOWS\System32\AdminService.exe [2012-8-29 208384]
S1 aswSnx;aswSnx;C:\WINDOWS\System32\Drivers\aswSnx.sys [2012-11-27 958400]
S1 aswSP;aswSP;C:\WINDOWS\System32\Drivers\aswSP.sys [2012-11-27 355856]
S1 HssDRV6;Hotspot Shield Routing Driver 6;C:\WINDOWS\System32\Drivers\hssdrv6.sys [2012-11-15 42248]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-3-10 275912]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-11 572928]
S2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;D:\Globe Tattoo Broadband\UpdateDog\ouc.exe --> D:\Globe Tattoo Broadband\UpdateDog\ouc.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 BtFilter;BtFilter;C:\WINDOWS\System32\Drivers\btfilter.sys [2012-8-29 565760]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\WINDOWS\System32\Drivers\btmaux.sys [2012-8-27 121728]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-1-22 21712]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\WINDOWS\System32\Drivers\ewusbwwan.sys [2013-4-7 421888]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-1-28 1432400]
S3 fssfltr;fssfltr;C:\WINDOWS\System32\Drivers\fssfltr.sys [2012-3-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2012-10-26 342528]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\WINDOWS\System32\Drivers\iusb3hub.sys [2012-5-25 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\WINDOWS\System32\Drivers\iusb3xhc.sys [2012-5-25 787736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 WUDFWpdComp;WUDFWpdComp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\WINDOWS\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-08-01 14:14:34 0 ----a-w- C:\WINDOWS\SysWow64\sho8D0B.tmp
2013-08-01 13:09:11 -------- d-----w- C:\NvidiaLogging
2013-08-01 13:07:57 39712 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
2013-08-01 13:07:57 29984 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2013-08-01 13:07:57 28448 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2013-08-01 01:10:14 262832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
2013-07-27 14:16:23 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-07-23 09:53:14 -------- d-----w- C:\Users\john edmund\AppData\Local\EA Games
2013-07-23 07:10:43 -------- d-----w- C:\ProgramData\Origin
2013-07-22 23:22:29 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2013-07-18 23:03:11 -------- d-----w- C:\WINDOWS\SysWow64\NV
2013-07-18 23:03:11 -------- d-----w- C:\WINDOWS\System32\NV
2013-07-16 16:44:40 -------- d-----w- C:\Program Files (x86)\BlueStacks
2013-07-16 16:44:22 -------- d-----w- C:\ProgramData\BlueStacksSetup
2013-07-16 16:44:21 -------- d-----w- C:\ProgramData\BlueStacks
2013-07-12 06:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 06:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-09 15:08:21 53248 ----a-r- C:\Users\john edmund\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F522ED7EA612_4117_B86D_78467DE01E30.exe
.
==================== Find3M ====================
.
2013-07-18 10:46:26 281688 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.xtr
2013-07-18 10:46:26 281688 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.exe
2013-07-13 19:49:00 6598432 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2013-07-13 19:49:00 3447072 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2013-07-13 19:48:57 911136 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2013-07-13 19:48:57 67072 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2013-07-13 19:48:57 63776 ----a-w- C:\WINDOWS\System32\nvshext.dll
2013-07-13 19:48:57 2559776 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2013-07-13 19:48:57 219424 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2013-07-13 19:48:57 1042208 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2013-07-13 19:48:55 3274475 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2013-07-09 03:47:12 281688 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.ex0
2013-07-03 02:23:33 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 02:23:32 867240 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2013-07-03 02:23:32 789416 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2013-06-21 17:11:43 76888 ----a-w- C:\WINDOWS\SysWow64\PnkBstrA.exe
2013-05-12 21:42:27 1832224 ----a-w- C:\WINDOWS\System32\nvdispco6432018.dll
2013-05-12 21:42:27 1511712 ----a-w- C:\WINDOWS\System32\nvdispgenco6432018.dll
2013-05-09 02:47:13 0 ----a-w- C:\WINDOWS\SysWow64\sho65C9.tmp
.
============= FINISH: 17:07:40.92 ===============


PS: I hope you can help me with this. I will greatly appreciate it. Thank you.




#1
August 2, 2013 at 04:26:53
First thing, I'm a little surprised you posted a log before having one requested, especially because it recommends not posting it unless requested. Secondarily, I agree with part of the above; I see at least three semi-malicious toolbars. If I am reading things right, you may have too many antivirus programs running, which may have been where the virus snuck in.

Malwarebytes might be easier to remove the toolbars
http://www.malwarebytes.org/product...

What was the detection for the virus that caused you to know something was wrong?

edit: I see there are multiple posts looking there now

:: mike



#2
August 2, 2013 at 06:10:51
As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system may cause other parts to stop working, such as your Internet connection or Services. These we then have to repair.

If any program won't run ( due to the infection ) let me know.

Copy and Paste the contents of the log/logs after running each program mentioned above in the previous posts.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note that this program will not unhide removable drives like flash cards and USB drives, as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

4: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

5: Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#3
August 2, 2013 at 06:18:17
Oh, I posted the log just in case someone needs me to post it. By the way, I only had Trend Micro before I got this virus, and then I noticed that something was wrong because my hard drive is getting low on space for no reason, so I installed CCleaner, and while running Drive Wipe I saw the folder on my drive that contains the "Z..ZZZ..ZZZZ.ZZZ" thing, which they say is the replicating virus. I am scanning with Malwarebytes now.


#4
August 2, 2013 at 06:24:16
This is the log from Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.04

Windows 8 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16466
john edmund :: JOHNEDMUND-PC [administrator]

Protection: Disabled

8/2/2013 8:00:09 PM
MALWAREBYTES LOG.txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 475765
Time elapsed: 1 hour(s), 9 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 23
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> No action taken.
HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> No action taken.
HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Api (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> No action taken.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Data: "C:\Users\john edmund\AppData\Roaming\WebCake\WebCakeDesktop.exe" -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 12
C:\Users\john edmund\AppData\Roaming\WebCake (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\dat (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\update (PUP.WebCake) -> No action taken.
C:\Program Files (x86)\WebCake (PUP.WebCake) -> No action taken.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> No action taken.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\john edmund\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> No action taken.

Files Detected: 42
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\john edmund\AppData\Local\Temp\IXP000.TMP\downloader1.exe (Adware.MediaTube) -> No action taken.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\john edmund\Downloads\Assassin's_Creed-_Brotherhood_(2011)_PC.exe (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\john edmund\Downloads\counterstrikesourcecsbeirut2zip_downloader_by_OneOnlineGames.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\john edmund\Downloads\SoftonicDownloader_for_skype.exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\john edmund\Downloads\SoftonicDownloader_for_speedfan.exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\john edmund\Downloads\Unconfirmed 523176.crdownload (Malware.Gen.SKR) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\PlugIns.cache (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Desktop.OS.dll (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Dora.dat (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Maintain.dat (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Paladin.dat (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Phoenix.dat (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\sqlite3.dll (PUP.WebCake) -> No action taken.
C:\Program Files (x86)\WebCake\WebCakeLayers.crx (PUP.WebCake) -> No action taken.
C:\Program Files (x86)\WebCake\OptChrome.exe (PUP.WebCake) -> No action taken.
C:\Program Files (x86)\WebCake\sqlite3.exe (PUP.WebCake) -> No action taken.
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> No action taken.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> No action taken.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> No action taken.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> No action taken.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> No action taken.
C:\Users\john edmund\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> No action taken.

(end)



#5
August 2, 2013 at 06:27:07
Are you staying with us for a while? If so, I will hang around to look at your logs.

Let me look at the logs, before you run ESET please.

message edited by Johnw



#6
August 2, 2013 at 06:29:19
Your MBAM log indicates "No action taken." That's usually a result of NOT clicking the Remove Selected button after the scan.

Click Remove Selected button after the scan, please.


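The check described in post #6, that every entry ending in "No action taken." is still on the machine, can be done mechanically. The Python below is an added example, not part of the thread and not Malwarebytes' own tooling; it parses the 1.75-style log lines shown above, and its sample is a constructed excerpt of those lines with the section counts adjusted to the excerpt.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# "Registry Keys Detected: 23" style section headers.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> [Data: <value> -> ]<action>."
# The greedy object group keeps parentheses that belong to the path itself,
# e.g. "Program Files (x86)" or "Brotherhood_(2011)_PC.exe".
ITEM_RE = re.compile(
    r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*) -> )?(?P<action>[^>]+)\.$"
)

# Registry locations that restart a program at boot, logon or browser start.
PERSISTENCE_MARKERS = {
    "\\currentversion\\run": "Run key autostart",
    "\\currentcontrolset\\services\\": "service",
    "\\browser helper objects\\": "browser helper object",
}

@dataclass(frozen=True)
class Detection:
    section: str
    obj: str
    name: str
    action: str
    data: Optional[str] = None

    @property
    def remediated(self) -> bool:
        return self.action != "No action taken"

    @property
    def persistence(self) -> Optional[str]:
        low = self.obj.lower()
        for marker, label in PERSISTENCE_MARKERS.items():
            if marker in low:
                return label
        return None

def parse_mbam_log(text):
    """Return (declared section counts, list of Detection) from a pasted log."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            declared[section] = int(m["count"])
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append(Detection(section, m["obj"], m["name"], m["action"], m["data"]))
    return declared, items

def triage(text):
    """Summarise what is still present and whether the paste is complete."""
    declared, items = parse_mbam_log(text)
    parsed = Counter(d.section for d in items)
    pending = [d for d in items if not d.remediated]
    return {
        "total": len(items),
        "by_family": Counter(d.name for d in items),
        "unremediated": pending,
        # Pending entries that would relaunch the program: fix these first.
        "pending_persistence": [d for d in pending if d.persistence],
        # Declared vs parsed counts differ when a forum paste was truncated.
        "count_mismatch": {s: (n, parsed.get(s, 0))
                           for s, n in declared.items() if parsed.get(s, 0) != n},
    }

# Constructed excerpt of the log in this thread (counts adjusted to the excerpt).
SAMPLE_BEFORE = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Api (PUP.WebCake) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Data: "C:\Users\john edmund\AppData\Roaming\WebCake\WebCakeDesktop.exe" -> No action taken.

Folders Detected: 1
C:\Program Files (x86)\WebCake (PUP.WebCake) -> No action taken.

Files Detected: 2
C:\Users\john edmund\Downloads\Assassin's_Creed-_Brotherhood_(2011)_PC.exe (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\john edmund\Downloads\Unconfirmed 523176.crdownload (Malware.Gen.SKR) -> No action taken.
"""
# The same excerpt as it reads once "Remove Selected" has been clicked.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "No action taken.", "Quarantined and deleted successfully.")

if __name__ == "__main__":
    for label, log in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        report = triage(log)
        print(label, "total:", report["total"],
              "still present:", len(report["unremediated"]))
        for d in report["pending_persistence"]:
            print("  pending", d.persistence, "->", d.obj)
```

A non-empty `count_mismatch` means the pasted log is missing lines, so a clean-looking result should not be trusted until the full log is supplied.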

#7
August 2, 2013 at 06:39:48
Yeah, I copied the log before I clicked remove the selected items, so I think you will not see it there.


#8
August 2, 2013 at 06:43:05
After I removed the malicious software and rebooted my system, I checked my hard drive and it still didn't free any space. I only got 12.6MB of space left in my drive C, which is my main drive.


#9
August 2, 2013 at 06:46:00
Reply to #6 please.

Where are you?
I'm here, been up since 5am.
http://www.timeanddate.com/worldclo...



#10
August 2, 2013 at 06:46:13
This is the log after I removed the malicious files

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.04

Windows 8 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16466
john edmund :: JOHNEDMUND-PC [administrator]

Protection: Disabled

8/2/2013 8:00:09 PM
mbam-log-2013-08-02 (20-00-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 475765
Time elapsed: 1 hour(s), 9 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 23
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Data: "C:\Users\john edmund\AppData\Roaming\WebCake\WebCakeDesktop.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 12
C:\Users\john edmund\AppData\Roaming\WebCake (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\dat (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\update (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebCake (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.

Files Detected: 42
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Local\Temp\IXP000.TMP\downloader1.exe (Adware.MediaTube) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\john edmund\Downloads\Assassin's_Creed-_Brotherhood_(2011)_PC.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\john edmund\Downloads\counterstrikesourcecsbeirut2zip_downloader_by_OneOnlineGames.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\john edmund\Downloads\SoftonicDownloader_for_skype.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\john edmund\Downloads\SoftonicDownloader_for_speedfan.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\john edmund\Downloads\Unconfirmed 523176.crdownload (Malware.Gen.SKR) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\PlugIns.cache (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Desktop.OS.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Dora.dat (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Maintain.dat (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Paladin.dat (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\Phoenix.dat (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\WebCake\dat\sqlite3.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebCake\WebCakeLayers.crx (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebCake\OptChrome.exe (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebCake\sqlite3.exe (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\john edmund\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.

(end)



#11
August 2, 2013 at 06:48:05
"I only got 12.6MB of space left in my drive C which is my main drive"
My post #3
"As we dismantle the infection bit by bit"



#12
August 2, 2013 at 06:48:33
Yes I will stay. I really need this solved. Thank you for helping. Really appreciate it


#13
August 2, 2013 at 06:49:39
"This is the log after I removed the malicious files"
Yep, now they are gone, waiting now on 2 more logs.

EDIT: 3 more logs.

message edited by Johnw



#14
August 2, 2013 at 06:52:14
Okay what do you mean 2 more logs?


#15
August 2, 2013 at 06:53:26
Refer to my post #3


#16
August 2, 2013 at 06:54:36
Okay just a moment


#17
August 2, 2013 at 07:06:43
This is the log of the Unhide. I'm rebooting my system now

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 08/02/2013 09:55:55 PM
Windows Version: Windows 8

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 294852 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 146275 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 593 files processed.

Processing the Q:\ drive
Finished processing the Q:\ drive. 0 files processed.

The C:\Users\JOHNED~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Program finished at: 08/02/2013 10:05:08 PM
Execution time: 0 hours(s), 9 minute(s), and 12 seconds(s)



#18
August 2, 2013 at 07:20:01
This is the log of the ADWCLEANER

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 22:12:27
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 Pro (64 bits)
# User : john edmund - JOHNEDMUND-PC
# Boot Mode : Normal
# Running from : C:\Users\john edmund\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\ProgramData\eSafe
Deleted on reboot : C:\Users\john edmund\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\searchplugins\delta.xml
File Deleted : C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\searchplugins\search-here.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\john edmund\AppData\Local\Conduit
Folder Deleted : C:\Users\john edmund\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\john edmund\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\john edmund\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\john edmund\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\john edmund\AppData\LocalLow\Hotspot_Shield
Folder Deleted : C:\Users\john edmund\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\john edmund\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\john edmund\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\john edmund\AppData\Roaming\eDownload
Folder Deleted : C:\Users\john edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\extensions\plugin@getwebcake.com
Folder Deleted : C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\jetpack
Folder Deleted : C:\Users\john edmund\AppData\Roaming\OpenCandy
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\WINDOWS\SysWOW64\Hotspot Shield

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\Hotspot_Shield
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DE545F9-AB30-4FDD-B1E1-4E42B3576C34}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E5793D4-2004-4EA8-8A0C-2118CC1E328B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C539022C-EBDD-4A3C-8D52-2ED2C66A64B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF7469EE-6DC7-44DD-A716-EF7A44D3AC8F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=E0945E85DE320805 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\prefs.js

C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\user.js ... Deleted !

Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "e094a2d20000000000005e85de320805");
Deleted : user_pref("extensions.delta.instlDay", "15879");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.523:48:39");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=119776");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v28.0.1500.72

File : C:\Users\john edmund\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2410] : homepage = "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=E0945E85DE320805",

*************************

AdwCleaner[S1].txt - [14242 octets] - [02/08/2013 22:12:27]

########## EOF - C:\AdwCleaner[S1].txt - [14303 octets] ##########



#19
August 2, 2013 at 07:24:12
I will run junkware removal now


#20
August 2, 2013 at 07:31:18
This is the log from the Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.0 (08.02.2013:1)
OS: Windows 8 Pro x64
Ran by john edmund on Fri 08/02/2013 at 22:24:28.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BE532F3-D983-4362-9807-E3263C83243A}

~~~ Files

Successfully deleted: [File] C:\WINDOWS\syswow64\sho1C46.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho3702.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho38EC.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho4DDF.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho5090.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho56A7.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho60F8.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho65C9.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho8A79.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho8D0B.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\sho9014.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\shoC5F5.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\shoCB09.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\shoCC43.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\shoDEF5.tmp
Successfully deleted: [File] C:\WINDOWS\syswow64\shoF342.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\Users\john edmund\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Users\john edmund\AppData\Roaming\uniblue\speedupmypc"
Successfully deleted: [Folder] "C:\Program Files (x86)\isafe"
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{027D7983-F0A3-4FCE-A00A-A26E131D773F}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{06BF9B20-BB4B-45A2-8569-11688F588E39}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{2C553B70-7F65-460C-9832-C5F6329E66D8}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{2FB5D64B-B531-4C7F-81F6-50D3CB4EE47A}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{3D0CFC29-DAF7-4825-A791-BCE5469D27B6}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{3E7FC925-05C3-437A-8B55-094FDA82B749}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{476BF18B-BDC5-4D32-BA49-63CBF799C383}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{7D2BFEC2-782C-4E88-BB20-992B01138961}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{8609611C-158D-4712-BD12-3C8BF74C408C}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{92870716-7A5F-468F-940E-EAB5EB24EF92}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{9EFB5090-AD75-4E0A-A2B9-2D1C836BB5F6}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{A823141D-3489-4DFC-B43A-03CD0DAB66EF}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{B260D37E-67D1-4194-8AE8-56EC04B44AF4}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{B4DCF7A8-E549-4335-8650-B2299DE87194}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{CDF1BB47-B845-4A2F-B70F-AB8FD9A0647E}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{D3091315-17B4-4AC7-A609-5528FA8C2B7E}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{DC687C09-59E7-4DFA-8310-2F07EED4FA43}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{DD9AA97F-80CA-4C4E-B8E1-4594DBA2C592}
Successfully deleted: [Empty Folder] C:\Users\john edmund\appdata\local\{F63B76C1-8EA8-41C4-B4F1-67E47D4E82A8}
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"

~~~ FireFox

Successfully deleted: [File] C:\Users\john edmund\AppData\Roaming\mozilla\firefox\profiles\eu8al5sl.default\invalidprefs.js

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/02/2013 at 22:29:43.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#21
August 2, 2013 at 07:34:12
I have W8, but it is on a spare HD, eventually I will start using it more. I think these instructions apply.
Let's start to get some of your HD space back for you.
Do you have programs that need Java? This is one of the most infiltrated programs around. Go into Control Panel & remove it. Even if you find a program that squawks & you really want that program, you can reinstall Java. Most programs are available free of Java. If you do have a program squawk, let me know at a later date.

Run TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Run Wise Disk Cleaner (run the 1st three tabs, left to right. I use default settings; leave boxes that are unchecked, unchecked). Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

After finishing the above, let me know your HD space please.

Then run this.

Please download Farbar Recovery Scan Tool and save it to your desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste the contents into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste the contents into your reply.

message edited by Johnw



#22
August 2, 2013 at 07:34:35
Should I run ESET Online Scanner now?


#23
August 2, 2013 at 07:36:58
"Should I run ESET Online Scanner now?"
Not yet.


#24
August 2, 2013 at 07:46:20
Here is where you uninstall Java.

Add or Remove Programs in Windows 8
http://www.dummies.com/how-to/conte...



#25
August 2, 2013 at 07:53:10
Okay I uninstalled Java and ran the TFC now and I'm rebooting to run the Wise Disk Cleaner next


#26
August 2, 2013 at 08:08:04
Okay, now I have 3.58GB space on my drive C. I'm gonna run the Farbar Recovery Scan Tool now


#27
August 2, 2013 at 08:16:43
This is the first half of the log from Farbar Recovery Scan (FRST) since I cannot post the whole thing because it's too long and the site won't allow me

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by john edmund (administrator) on 02-08-2013 23:10:32
Running from C:\Users\john edmund\Desktop
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Atheros Commnucations) C:\WINDOWS\system32\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\john edmund\AppData\Local\Akamai\netsession_win.exe
(BitTorrent Inc.) D:\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) D:\STEAM\Steam.exe
(Akamai Technologies, Inc.) C:\Users\john edmund\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WScript.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2012-02-27] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1304296 2012-12-18] (Trend Micro Inc.)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\john edmund\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [GarenaPlus] - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9655088 2013-03-13] ()
HKCU\...\Run: [uTorrent] - D:\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [Viber] - C:\Users\john edmund\AppData\Local\Viber\Viber.exe [906240 2013-05-09] ()
HKCU\...\Run: [Steam] - D:\STEAM\Steam.exe [1807272 2013-07-27] (Valve Corporation)
MountPoints2: {40f7e6af-9f3e-11e2-bee9-3085a91dade1} - "G:\AutoRun.exe"
MountPoints2: {40f7e70e-9f3e-11e2-bee9-001e101fbc29} - "G:\AutoRun.exe"
MountPoints2: {f04e289d-7267-11e2-beb9-3085a91dade1} - "G:\AutoRun.exe"
MountPoints2: {f04e2a6d-7267-11e2-beb9-3085a91dade1} - "G:\AutoRun.exe"
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe] - C:\ProgramData\Adobe\97C3E8D.vbe [7642 2012-12-13] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [iTunesHelper] - D:\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-07-04] (BlueStack Systems, Inc.)
AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll, C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll C:\Windows\system32\nvinitx.dll,C:\WINDOWS\system32\nvinitx.dll, C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll, C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] ()
Startup: C:\Users\john edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {13718A0B-8F48-44D0-9BD2-9E5FA5B2F727} URL = http://ph.search.yahoo.com/search?p...
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 121.1.3.81 121.1.3.16 121.1.3.66

FireFox:
========
FF ProfilePath: C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default
FF SelectedSearchEngine: Search Here
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\john edmund\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: ubisoft.com/uplaypc - D:\Tom Clancys HAWX 2\orbitlauncher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\searchplugins\bingp.xml
FF Extension: torntv2 - C:\Users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\Extensions\torntv2@torntv.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com.ph/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\john edmund\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Garena Talk Plugin) - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\john edmund\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (VLC Web Plugin) - D:\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Docs) - C:\Users\JOHNED~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JOHNED~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JOHNED~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JOHNED~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AlienWare: Blue By JpakMedia) - C:\Users\JOHNED~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddphmblnmebemcnojifhaeaflpjjkhh\1.0_0
CHR Extension: (Skype Click to Call) - C:\Users\JOHNED~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0
CHR Extension: (Gmail) - C:\Users\JOHNED~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R4 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-07-04] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-04] (BlueStack Systems, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
R2 MBAMScheduler; D:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; D:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-22] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
S2 Globe Tattoo Broadband. RunOuc; D:\Globe Tattoo Broadband\UpdateDog\ouc.exe [x]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWow64\DRIVERS\AiCharger.sys [17152 2012-03-01] (ASUSTek Computer Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71064 2012-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-04] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-04] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-04] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-04] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-07-04] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-07-04] (BlueStack Systems)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-05] (DT Soft Ltd)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [42248 2012-11-15] (AnchorFree Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39712 2013-05-15] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [107048 2012-09-24] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2012-09-24] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2012-09-24] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-30] (Trend Micro Inc.)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [x]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [x]
U3 idsvc;
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-02 23:00 - 2013-08-02 23:02 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\Wise Disk Cleaner
2013-08-02 22:58 - 2013-08-02 22:59 - 00001210 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2013-08-02 22:58 - 2013-08-02 22:58 - 00000000 ____D C:\Program Files (x86)\Wise
2013-08-02 22:57 - 2013-08-02 23:05 - 00003316 _____ C:\WINDOWS\System32\Tasks\gg_uac_daemon_john edmund
2013-08-02 22:46 - 2013-08-02 22:47 - 01781485 _____ (Farbar) C:\Users\john edmund\Desktop\FRST64.exe
2013-08-02 22:44 - 2013-08-02 22:45 - 02456224 _____ (WiseCleaner.com ) C:\Users\john edmund\Desktop\WDCFree.exe
2013-08-02 22:40 - 2013-08-02 22:40 - 00448512 _____ (OldTimer Tools) C:\Users\john edmund\Desktop\TFC.exe
2013-08-02 22:29 - 2013-08-02 22:29 - 00005259 _____ C:\Users\john edmund\Desktop\JRT.txt
2013-08-02 22:24 - 2013-08-02 22:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-02 22:12 - 2013-08-02 22:13 - 00014349 _____ C:\AdwCleaner[S1].txt
2013-08-02 22:12 - 2013-08-02 22:13 - 00000260 _____ C:\WINDOWS\DeleteOnReboot.bat
2013-08-02 22:03 - 2013-08-02 22:03 - 00560799 _____ (Oleg N. Scherbakov) C:\Users\john edmund\Desktop\JRT.exe
2013-08-02 21:58 - 2013-08-02 21:59 - 00666633 _____ C:\Users\john edmund\Desktop\adwcleaner.exe
2013-08-02 21:55 - 2013-08-02 22:05 - 00002892 _____ C:\Users\john edmund\Desktop\unhide.txt
2013-08-02 21:55 - 2013-08-02 21:55 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\john edmund\Downloads\unhide.exe
2013-08-02 19:31 - 2013-08-02 19:31 - 00000622 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-02 19:31 - 2013-08-02 19:31 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\Malwarebytes
2013-08-02 19:31 - 2013-08-02 19:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-02 19:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-08-02 19:23 - 2013-08-02 19:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\john edmund\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-02 19:23 - 2013-08-02 19:23 - 00001786 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-08-02 19:23 - 2013-08-02 19:23 - 00000000 ____D C:\WINDOWS\system32\log
2013-08-02 19:07 - 2013-08-02 19:08 - 00345184 _____ C:\Users\john edmund\Downloads\iSafe.exe
2013-08-02 18:52 - 2013-08-02 18:52 - 00000017 _____ C:\WINDOWS\SysWOW64\shortcut_ex.dat
2013-08-02 17:07 - 2013-08-02 17:07 - 00029398 _____ C:\Users\john edmund\Desktop\dds.txt
2013-08-02 17:07 - 2013-08-02 17:07 - 00009521 _____ C:\Users\john edmund\Desktop\attach.txt
2013-08-02 17:04 - 2013-08-02 17:04 - 00688992 ____R (Swearware) C:\Users\john edmund\Desktop\dds.com
2013-08-02 17:04 - 2013-08-02 17:04 - 00688992 _____ (Swearware) C:\Users\john edmund\Downloads\dds.com
2013-08-02 00:08 - 2013-08-02 00:08 - 00067953 _____ C:\Users\john edmund\Downloads\[kickass.to]batman.arkham.city.game.of.the.year.edition.rus.eng.repack.bon.torrent
2013-08-01 21:09 - 2013-08-01 21:09 - 00000000 ____D C:\NvidiaLogging
2013-08-01 21:07 - 2013-05-15 03:28 - 00039712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2013-08-01 21:07 - 2013-05-15 03:27 - 00029984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2013-08-01 21:07 - 2013-05-15 03:27 - 00028448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2013-08-01 11:06 - 2013-08-01 11:06 - 00012284 _____ C:\Users\john edmund\Downloads\[kickass.to]monsters.university.2013.hdts.xvid.feel.free.torrent
2013-07-31 06:39 - 2013-07-31 06:39 - 00000433 _____ C:\Users\Public\Desktop\Company of Heroes 2.lnk
2013-07-28 21:38 - 2013-07-28 21:38 - 00028923 _____ C:\Users\john edmund\Downloads\[kickass.to]despicable.me.2.2013.1080p.ts.xvid.26k.torrent
2013-07-28 19:59 - 2013-07-28 19:59 - 00011649 _____ C:\Users\john edmund\Downloads\[kickass.to]world.war.z.2013.720p.internal.ts.divx.eng.addr.duqa.torrent
2013-07-28 19:58 - 2013-07-28 19:58 - 00102845 _____ C:\Users\john edmund\Downloads\[kickass.to]after.earth.2013.hdts.line.uncropped.xvid.ac3.hq.hive.cm8.torrent
2013-07-27 22:16 - 2013-07-27 22:16 - 00000542 _____ C:\Users\Public\Desktop\Steam.lnk
2013-07-27 22:11 - 2013-07-27 22:12 - 01669632 _____ C:\Users\john edmund\Downloads\SteamInstall.msi
2013-07-27 22:06 - 2013-07-27 22:06 - 00056899 _____ C:\Users\john edmund\Downloads\[kickass.to]company.of.heroes.2.reloaded.torrent
2013-07-27 22:05 - 2013-07-27 22:05 - 00000928 _____ C:\Users\Public\Desktop\Spec Ops The Line.lnk
2013-07-26 23:58 - 2013-07-26 23:58 - 00069486 _____ C:\Users\john edmund\Downloads\Spec_Ops_The_Line-SKIDROW.torrent
2013-07-24 18:45 - 2013-07-24 18:45 - 00000951 _____ C:\Users\john edmund\Desktop\Dead Space 3.lnk
2013-07-23 20:30 - 2013-07-23 20:36 - 00000000 ____D C:\Users\john edmund\Desktop\JDM
2013-07-23 19:45 - 2013-07-23 19:45 - 00020204 _____ C:\Users\john edmund\Downloads\[kickass.to]g.i.joe.retaliation.2013.1080p.brrip.x264.yify.torrent
2013-07-23 17:53 - 2013-07-23 17:53 - 00000000 ____D C:\Users\JOHNED~1\AppData\Local\EA Games
2013-07-23 15:23 - 2013-07-23 15:23 - 00003054 _____ C:\WINDOWS\System32\Tasks\{BD0A63EB-5C70-46F3-9F75-3E8E41ABCB16}
2013-07-23 15:23 - 2013-07-23 15:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\Leader Technologies
2013-07-23 15:10 - 2013-07-23 15:10 - 00000000 ____D C:\ProgramData\Origin
2013-07-20 21:43 - 2013-07-20 21:43 - 00112498 _____ C:\Users\john edmund\Downloads\[kickass.to]dead.space.3.internal.reloaded.torrent
2013-07-19 07:03 - 2013-07-31 22:13 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2013-07-19 07:03 - 2013-07-31 22:13 - 00000000 ____D C:\WINDOWS\system32\NV
2013-07-19 07:03 - 2013-07-19 07:03 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-19 06:58 - 2013-07-14 09:17 - 29335328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 22100256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 15890648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 15631064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 13621504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 12880928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 11244320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2013-07-19 06:58 - 2013-07-14 09:17 - 09248072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 07694808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 07648000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 06329552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 02968352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 02789152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 01882912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432619.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432619.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 00632096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 00603424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 00517408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 00515360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2013-07-19 06:58 - 2013-07-14 09:17 - 00030496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2013-07-17 00:44 - 2013-07-17 00:56 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-07-17 00:44 - 2013-07-17 00:44 - 00001867 _____ C:\Users\Public\Desktop\Apps.lnk
2013-07-17 00:44 - 2013-07-17 00:44 - 00001809 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-07-17 00:44 - 2013-07-17 00:44 - 00000000 ____D C:\ProgramData\BlueStacks
2013-07-17 00:44 - 2013-07-17 00:44 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-07-17 00:39 - 2013-07-17 00:42 - 09152016 _____ (BlueStack Systems Inc.) C:\Users\john edmund\Downloads\BlueStacks-SplitInstaller_native.exe
2013-07-17 00:38 - 2013-07-17 00:41 - 19512831 _____ C:\Users\john edmund\Downloads\742_com.tencent.mm.apk
2013-07-14 00:14 - 2013-07-14 00:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-13 09:18 - 2013-07-13 09:18 - 00000706 _____ C:\Users\Public\Desktop\Silent Hill Homecoming.lnk
2013-07-13 09:18 - 2013-07-13 09:18 - 00000000 ____D C:\Users\Public\Documents\Silent Hill Homecoming
2013-07-12 21:45 - 2013-07-12 21:45 - 00022615 _____ C:\Users\john edmund\Downloads\silent-hill-homecoming.torrent
2013-07-10 11:17 - 2013-07-10 11:17 - 01810523 _____ C:\Users\john edmund\Downloads\Attachments_2013710.zip
2013-07-10 11:16 - 2013-07-10 23:16 - 00000000 ____D C:\Users\john edmund\Desktop\SAN RAFAEL
2013-07-09 22:16 - 2013-07-09 22:16 - 00978008 _____ (Conduit) C:\Users\john edmund\Downloads\Pconverter.exe
2013-07-09 14:05 - 2013-07-09 14:05 - 00015060 _____ C:\Users\john edmund\Downloads\[kickass.to]madagascar.3.europe.s.most.wanted.2012.1080p.brrip.x264.yify.torrent

#28
August 2, 2013 at 08:17:26
Now this is the second half of the log (FRST)

==================== One Month Modified Files and Folders =======

2013-08-02 23:09 - 2012-12-09 17:33 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\uTorrent
2013-08-02 23:08 - 2012-12-05 02:47 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2626116416-3959848454-4129707019-1001
2013-08-02 23:05 - 2013-08-02 22:57 - 00003316 _____ C:\WINDOWS\System32\Tasks\gg_uac_daemon_john edmund
2013-08-02 23:05 - 2012-11-17 00:33 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\ViberPC
2013-08-02 23:04 - 2012-11-17 00:30 - 00000000 ____D C:\Users\JOHNED~1\AppData\Local\Viber
2013-08-02 23:04 - 2012-07-31 17:23 - 00000828 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-08-02 23:04 - 2012-03-10 03:29 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-02 23:03 - 2012-12-05 00:32 - 01145728 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-02 23:02 - 2013-08-02 23:00 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\Wise Disk Cleaner
2013-08-02 23:00 - 2012-07-26 16:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-08-02 22:59 - 2013-08-02 22:58 - 00001210 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2013-08-02 22:59 - 2013-04-25 15:11 - 00028076 _____ C:\WINDOWS\setupact.log
2013-08-02 22:59 - 2013-04-25 15:11 - 00021360 _____ C:\WINDOWS\setuperr.log
2013-08-02 22:58 - 2013-08-02 22:58 - 00000000 ____D C:\Program Files (x86)\Wise
2013-08-02 22:56 - 2012-12-05 03:09 - 00794624 ___SH C:\Users\john edmund\Desktop\Thumbs.db
2013-08-02 22:56 - 2012-11-24 07:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-02 22:54 - 2012-07-26 15:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-02 22:47 - 2013-08-02 22:46 - 01781485 _____ (Farbar) C:\Users\john edmund\Desktop\FRST64.exe
2013-08-02 22:45 - 2013-08-02 22:44 - 02456224 _____ (WiseCleaner.com ) C:\Users\john edmund\Desktop\WDCFree.exe
2013-08-02 22:44 - 2012-11-28 00:40 - 00003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CF1D83F9-BC8F-461A-B026-4052A2D5E735}
2013-08-02 22:40 - 2013-08-02 22:40 - 00448512 _____ (OldTimer Tools) C:\Users\john edmund\Desktop\TFC.exe
2013-08-02 22:29 - 2013-08-02 22:29 - 00005259 _____ C:\Users\john edmund\Desktop\JRT.txt
2013-08-02 22:26 - 2012-11-27 16:40 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\Uniblue
2013-08-02 22:24 - 2013-08-02 22:24 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-02 22:18 - 2012-03-10 03:29 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-02 22:13 - 2013-08-02 22:12 - 00014349 _____ C:\AdwCleaner[S1].txt
2013-08-02 22:13 - 2013-08-02 22:12 - 00000260 _____ C:\WINDOWS\DeleteOnReboot.bat
2013-08-02 22:05 - 2013-08-02 21:55 - 00002892 _____ C:\Users\john edmund\Desktop\unhide.txt
2013-08-02 22:03 - 2013-08-02 22:03 - 00560799 _____ (Oleg N. Scherbakov) C:\Users\john edmund\Desktop\JRT.exe
2013-08-02 21:59 - 2013-08-02 21:58 - 00666633 _____ C:\Users\john edmund\Desktop\adwcleaner.exe
2013-08-02 21:55 - 2013-08-02 21:55 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\john edmund\Downloads\unhide.exe
2013-08-02 21:41 - 2012-11-28 21:36 - 00000952 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2626116416-3959848454-4129707019-1001UA.job
2013-08-02 21:41 - 2012-11-28 21:36 - 00000930 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2626116416-3959848454-4129707019-1001Core.job
2013-08-02 21:27 - 2013-04-25 15:08 - 00026956 _____ C:\WINDOWS\PFRO.log
2013-08-02 19:55 - 2012-11-23 22:17 - 00000000 ____D C:\Users\JOHNED~1\AppData\Local\CrashDumps
2013-08-02 19:31 - 2013-08-02 19:31 - 00000622 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-02 19:31 - 2013-08-02 19:31 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\Malwarebytes
2013-08-02 19:31 - 2013-08-02 19:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-02 19:28 - 2013-08-02 19:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\john edmund\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-02 19:23 - 2013-08-02 19:23 - 00001786 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-08-02 19:23 - 2013-08-02 19:23 - 00000000 ____D C:\WINDOWS\system32\log
2013-08-02 19:08 - 2013-08-02 19:07 - 00345184 _____ C:\Users\john edmund\Downloads\iSafe.exe
2013-08-02 18:55 - 2012-11-30 03:20 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\Skype
2013-08-02 18:52 - 2013-08-02 18:52 - 00000017 _____ C:\WINDOWS\SysWOW64\shortcut_ex.dat
2013-08-02 18:51 - 2013-01-02 00:16 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\vlc
2013-08-02 17:31 - 2013-06-22 01:15 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2013-08-02 17:31 - 2012-11-26 18:03 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2013-08-02 17:07 - 2013-08-02 17:07 - 00029398 _____ C:\Users\john edmund\Desktop\dds.txt
2013-08-02 17:07 - 2013-08-02 17:07 - 00009521 _____ C:\Users\john edmund\Desktop\attach.txt
2013-08-02 17:04 - 2013-08-02 17:04 - 00688992 ____R (Swearware) C:\Users\john edmund\Desktop\dds.com
2013-08-02 17:04 - 2013-08-02 17:04 - 00688992 _____ (Swearware) C:\Users\john edmund\Downloads\dds.com
2013-08-02 13:43 - 2012-07-31 17:23 - 00000830 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-08-02 00:08 - 2013-08-02 00:08 - 00067953 _____ C:\Users\john edmund\Downloads\[kickass.to]batman.arkham.city.game.of.the.year.edition.rus.eng.repack.bon.torrent
2013-08-01 22:14 - 2012-07-26 13:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-08-01 21:09 - 2013-08-01 21:09 - 00000000 ____D C:\NvidiaLogging
2013-08-01 21:08 - 2012-07-31 17:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-01 21:08 - 2012-07-31 17:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-01 20:40 - 2013-01-09 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-01 11:06 - 2013-08-01 11:06 - 00012284 _____ C:\Users\john edmund\Downloads\[kickass.to]monsters.university.2013.hdts.xvid.feel.free.torrent
2013-07-31 22:13 - 2013-07-19 07:03 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2013-07-31 22:13 - 2013-07-19 07:03 - 00000000 ____D C:\WINDOWS\system32\NV
2013-07-31 07:08 - 2012-11-27 20:16 - 00000000 ____D C:\Users\john edmund\Documents\My Games
2013-07-31 07:01 - 2012-11-14 16:44 - 00522634 _____ C:\WINDOWS\DirectX.log
2013-07-31 06:39 - 2013-07-31 06:39 - 00000433 _____ C:\Users\Public\Desktop\Company of Heroes 2.lnk
2013-07-29 17:14 - 2012-07-26 16:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-28 21:38 - 2013-07-28 21:38 - 00028923 _____ C:\Users\john edmund\Downloads\[kickass.to]despicable.me.2.2013.1080p.ts.xvid.26k.torrent
2013-07-28 19:59 - 2013-07-28 19:59 - 00011649 _____ C:\Users\john edmund\Downloads\[kickass.to]world.war.z.2013.720p.internal.ts.divx.eng.addr.duqa.torrent
2013-07-28 19:58 - 2013-07-28 19:58 - 00102845 _____ C:\Users\john edmund\Downloads\[kickass.to]after.earth.2013.hdts.line.uncropped.xvid.ac3.hq.hive.cm8.torrent
2013-07-27 22:16 - 2013-07-27 22:16 - 00000542 _____ C:\Users\Public\Desktop\Steam.lnk
2013-07-27 22:16 - 2012-12-05 00:34 - 00000000 ____D C:\Users\john edmund
2013-07-27 22:12 - 2013-07-27 22:11 - 01669632 _____ C:\Users\john edmund\Downloads\SteamInstall.msi
2013-07-27 22:06 - 2013-07-27 22:06 - 00056899 _____ C:\Users\john edmund\Downloads\[kickass.to]company.of.heroes.2.reloaded.torrent
2013-07-27 22:05 - 2013-07-27 22:05 - 00000928 _____ C:\Users\Public\Desktop\Spec Ops The Line.lnk
2013-07-27 19:51 - 2013-03-15 00:04 - 00001353 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-07-26 23:58 - 2013-07-26 23:58 - 00069486 _____ C:\Users\john edmund\Downloads\Spec_Ops_The_Line-SKIDROW.torrent
2013-07-24 18:45 - 2013-07-24 18:45 - 00000951 _____ C:\Users\john edmund\Desktop\Dead Space 3.lnk
2013-07-24 17:24 - 2012-07-26 16:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-07-23 20:36 - 2013-07-23 20:30 - 00000000 ____D C:\Users\john edmund\Desktop\JDM
2013-07-23 19:45 - 2013-07-23 19:45 - 00020204 _____ C:\Users\john edmund\Downloads\[kickass.to]g.i.joe.retaliation.2013.1080p.brrip.x264.yify.torrent
2013-07-23 17:53 - 2013-07-23 17:53 - 00000000 ____D C:\Users\JOHNED~1\AppData\Local\EA Games
2013-07-23 17:53 - 2012-11-26 15:28 - 00000000 ____D C:\Users\john edmund\Documents\EA Games
2013-07-23 15:23 - 2013-07-23 15:23 - 00003054 _____ C:\WINDOWS\System32\Tasks\{BD0A63EB-5C70-46F3-9F75-3E8E41ABCB16}
2013-07-23 15:23 - 2013-07-23 15:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\Leader Technologies
2013-07-23 15:21 - 2012-07-26 15:28 - 00995152 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-23 15:10 - 2013-07-23 15:10 - 00000000 ____D C:\ProgramData\Origin
2013-07-22 10:50 - 2012-11-30 03:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-20 21:43 - 2013-07-20 21:43 - 00112498 _____ C:\Users\john edmund\Downloads\[kickass.to]dead.space.3.internal.reloaded.torrent
2013-07-19 07:03 - 2013-07-19 07:03 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-19 07:03 - 2012-07-31 17:20 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-19 07:01 - 2013-01-22 11:48 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-07-18 18:46 - 2012-11-26 18:03 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2013-07-17 00:56 - 2013-07-17 00:44 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-07-17 00:44 - 2013-07-17 00:44 - 00001867 _____ C:\Users\Public\Desktop\Apps.lnk
2013-07-17 00:44 - 2013-07-17 00:44 - 00001809 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-07-17 00:44 - 2013-07-17 00:44 - 00000000 ____D C:\ProgramData\BlueStacks
2013-07-17 00:44 - 2013-07-17 00:44 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-07-17 00:44 - 2012-07-26 16:12 - 00000000 ___RD C:\Users\Public\Libraries
2013-07-17 00:42 - 2013-07-17 00:39 - 09152016 _____ (BlueStack Systems Inc.) C:\Users\john edmund\Downloads\BlueStacks-SplitInstaller_native.exe
2013-07-17 00:41 - 2013-07-17 00:38 - 19512831 _____ C:\Users\john edmund\Downloads\742_com.tencent.mm.apk
2013-07-14 09:17 - 2013-07-19 06:58 - 29335328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 22100256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 15890648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 15631064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 13621504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 12880928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 11244320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2013-07-14 09:17 - 2013-07-19 06:58 - 09248072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 07694808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 07648000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 06329552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 02968352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 02789152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 01882912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432619.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432619.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 00632096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 00603424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 00517408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 00515360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2013-07-14 09:17 - 2013-07-19 06:58 - 00030496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2013-07-14 09:17 - 2013-01-30 01:39 - 00022581 _____ C:\WINDOWS\system32\nvinfo.pb
2013-07-14 09:17 - 2012-12-05 16:41 - 02985648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2013-07-14 09:17 - 2012-12-05 16:41 - 01412832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2013-07-14 09:17 - 2012-12-05 16:41 - 00387536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2013-07-14 09:17 - 2012-12-05 16:41 - 00326224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2013-07-14 09:17 - 2012-11-14 20:47 - 02630304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2013-07-14 09:17 - 2012-11-14 20:47 - 01222824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2013-07-14 06:55 - 2013-01-14 20:12 - 00359792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-14 03:49 - 2012-07-31 17:20 - 06598432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2013-07-14 03:49 - 2012-07-31 17:20 - 03447072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2013-07-14 03:48 - 2012-07-31 17:20 - 03274475 _____ C:\WINDOWS\system32\nvcoproc.bin
2013-07-14 03:48 - 2012-07-31 17:20 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2013-07-14 03:48 - 2012-07-31 17:20 - 01042208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2013-07-14 03:48 - 2012-07-31 17:20 - 00911136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2013-07-14 03:48 - 2012-07-31 17:20 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2013-07-14 03:48 - 2012-07-31 17:20 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2013-07-14 03:48 - 2012-07-31 17:20 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2013-07-14 00:14 - 2013-07-14 00:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-13 09:18 - 2013-07-13 09:18 - 00000706 _____ C:\Users\Public\Desktop\Silent Hill Homecoming.lnk
2013-07-13 09:18 - 2013-07-13 09:18 - 00000000 ____D C:\Users\Public\Documents\Silent Hill Homecoming
2013-07-13 02:13 - 2012-03-10 03:29 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 02:13 - 2012-03-10 03:29 - 00003648 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 21:45 - 2013-07-12 21:45 - 00022615 _____ C:\Users\john edmund\Downloads\silent-hill-homecoming.torrent
2013-07-11 18:10 - 2013-01-28 21:55 - 00000000 ____D C:\Users\john edmund\Desktop\RANDOM FILES
2013-07-10 23:16 - 2013-07-10 11:16 - 00000000 ____D C:\Users\john edmund\Desktop\SAN RAFAEL
2013-07-10 11:17 - 2013-07-10 11:17 - 01810523 _____ C:\Users\john edmund\Downloads\Attachments_2013710.zip
2013-07-09 23:08 - 2013-06-27 14:53 - 00000000 ____D C:\Users\john edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battle Realms
2013-07-09 22:16 - 2013-07-09 22:16 - 00978008 _____ (Conduit) C:\Users\john edmund\Downloads\Pconverter.exe
2013-07-09 14:05 - 2013-07-09 14:05 - 00015060 _____ C:\Users\john edmund\Downloads\[kickass.to]madagascar.3.europe.s.most.wanted.2012.1080p.brrip.x264.yify.torrent
2013-07-09 11:14 - 2012-12-14 18:57 - 00000000 ____D C:\Users\john edmund\Documents\FIFA 13
2013-07-09 09:28 - 2012-11-21 15:34 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2013-07-04 14:42 - 2012-12-28 22:21 - 00000000 ____D C:\Users\DefaultAppPool
2013-07-03 10:23 - 2012-11-27 15:53 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-07-03 10:23 - 2012-11-27 15:53 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-24 03:01

==================== End Of Log ============================



#29
August 2, 2013 at 08:17:52
Post the rest in sections.


#30
August 2, 2013 at 08:18:40
This is the other log from Farbar Recovery Scan Tool (Addition)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2013
Ran by john edmund at 2013-08-02 23:11:13
Running from C:\Users\john edmund\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


µTorrent (x32 Version: 3.3.0.29420)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Akamai NetSession Interface (HKCU)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Assassin's Creed ® III (x32 Version: 1.01)
ASUS AI Recovery (x32 Version: 1.0.24)
ASUS FaceLogon (x32 Version: 1.0.0014)
ASUS Instant Connect (x32 Version: 1.2.2)
ASUS InstantOn (x32 Version: 3.0.2)
ASUS LifeFrame3 (x32 Version: 3.1.1)
ASUS Live Update (x32 Version: 3.1.9)
ASUS Power4Gear Hybrid (Version: 1.2.0)
ASUS Smart Gesture (x32 Version: 1.0.35)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0041)
ASUS USB Charger Plus (x32 Version: 2.0.9)
ASUS Virtual Camera (x32 Version: 1.0.25)
ASUS Virtual Touch (x32 Version: 1.0.11)
ASUS WebStorage (x32 Version: 3.0.108.222)
ASUSDVD (x32 Version: 10.0.3622.52)
AsusVibe2.0 (x32 Version: 2.0.12.309)
ATK Package (x32 Version: 1.0.0015)
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0)
Autodesk Content Service (x32 Version: 3.0.84.0)
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230)
Autodesk Material Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Sync (Version: 3.5.24.0)
Battle Realms (x32 Version: 0.10.000)
BlueStacks Notification Center (x32 Version: 0.7.15.909)
Bonjour (Version: 3.0.0.10)
Bubbletown (x32)
Call of Duty Black Ops II (x32 Version: 1.0.0.0)
Combined Community Codec Pack 2012-12-30 (x32 Version: 2012.12.30.0)
Company of Heroes 2 (x32 Version: 1)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Crysis® 2 (x32 Version: 1.0.0.0)
Crysis® 3 (x32 Version: 1.0.0.0)
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink Media Suite (x32 Version: 8.0.2926)
CyberLink Power2Go (x32 Version: 7.0.0.1126)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Dead Island Riptide 1.1.0 (x32 Version: 1.1.0)
Dead Space™ 3 (x32 Version: 1.0.0.0)
Deadtime Stories (x32)
Dishonored (x32 Version: Dishonored)
Dream Day First Home (x32)
Dream Vacation Solitaire (x32)
EVGA Precision X 4.0.0 (x32 Version: 4.0.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Far Cry 3 (x32 Version: 1.00)
Farm Frenzy 3 - Madagascar (x32)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
FIFA 13 Crack (x32)
Front Mission Evolved (x32)
Galapago (x32)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Game Park Console (x32 Version: 1.2.4.431)
Garena - Heroes of Newerth (x32 Version: 2011)
Go Go Gourmet Chef of the Year (x32)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
Grand Theft Auto IV (x32 Version: 1.0.0013.131)
Hitman Absolution (x32 Version: 1.0.0.0)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35132)
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.6.1209.0268)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
iSafe (x32)
iTunes (Version: 11.0.2.26)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mahjong Memoirs (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect 3 (x32 Version: 1.0.0.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Metro: Last Light (c) Deep Silver version 1 (x32 Version: 1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 2.0.672.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
myBitCast 1.0.0.3 (Version: 1.0.0.3)
NBA 2K13 (x32 Version: 1.0.0)
NBA 2K13 Crack (x32)
Need for Speed™ Carbon (x32)
NVIDIA Control Panel 326.19 (Version: 326.19)
NVIDIA GeForce Experience 1.6 (Version: 1.6)
NVIDIA Graphics Driver 326.19 (Version: 326.19)
NVIDIA Install Application (Version: 2.1002.132.865)
NVIDIA Optimus 7.2.17 (Version: 7.2.17)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Update 7.2.17 (Version: 7.2.17)
NVIDIA Update Components (Version: 7.2.17)
NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
oCAD 2013 - English (Version: 19.0.55.0)
OpenAL (x32)
Plants vs Zombies (x32)
PunkBuster Services (x32 Version: 0.993)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Qualcomm Atheros WiFi Driver Installation (x32 Version: 9.2)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6685)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.27024)
SceneSwitch (x32 Version: 1.0.11)
Secure Download Manager (x32 Version: 3.1.0)
SHIELD Streaming (Version: 1.05.19)
Silent Hill Homecoming (x32)
Skype Click to Call (x32 Version: 6.10.13089)
Skype™ 6.5 (x32 Version: 6.5.158)
Sniper: Ghost Warrior 2 (x32 Version: 1.0.0.0)
Spec Ops The Line (x32)
SpeedFan (remove only) (x32)
Star Wars: The Force Unleashed 2 (x32 Version: 1.0)
Steam (x32 Version: 1.0.0.0)
System Requirements Lab CYRI (x32 Version: 6.0.3.0)
The Sims™ 3 (x32 Version: 1.0.632)
Titanium Internet Security (Version: 5.4)
Tom Clancy's H.A.W.X. 2 (x32 Version: 1.0.1)
Tomb Raider (x32 Version: 1.0.0.0)
Trend Micro Titanium (Version: 5.00)
Turbo Fiesta (x32)
Uplay (x32 Version: 2.0)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
Viber (HKCU Version: 3.0.0.132799)
VirtualDJ Home FREE (x32 Version: 7.3)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 照片库 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3538.0513)
Windows Live 软件包 (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.41.0)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wireless Console 3 (x32 Version: 3.0.27)
Wise Disk Cleaner 7.87 (x32 Version: 7.87)
World of Goo (x32)
Wsys Control 1.0.0.2598 (x32 Version: 1.0.0.2598)
Yahoo! Messenger (x32)
بريد Windows Live (x32 Version: 15.4.3502.0922)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (x32 Version: 15.4.5722.2)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points =========================

02-08-2013 14:50:59 Removed Java 7 Update 25

==================== Hosts content: ==========================

2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0307CE5A-2536-4531-8FF3-136930EF1A38} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe No File
Task: {049687D5-C948-49E8-9E5B-D3E0745DD4C4} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2012-04-12] (ASUSTeK Computer Inc.)
Task: {0CE22ED3-DE53-4C68-B2DD-7FDA6F9FE9A4} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1A4727EE-C5BE-4217-BDA8-8755A8D4CBC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1E4053F0-5838-4620-A6A9-347E07B945DB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-03-01] (ASUSTek Computer Inc.)
Task: {1ED1A9DF-790F-410A-8DA5-016D3B2A2415} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe No File
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {2239A9F9-70F8-46D0-901C-68D77F8FBDE7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {225E6F24-6AA8-4186-AF41-4944AAEA8ADD} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2A9ABDE4-3013-4B13-AE04-03BB4C96A142} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe No File
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {31C15628-3D51-4C66-92E6-BD90069FC574} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {322E5D16-AA35-4092-890F-5DBBB0C27A26} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2012-03-10] (ASUSTek Computer Inc.)
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {42A6588A-A40F-4273-A63E-C9365CF4A9D1} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2012-04-12] (ASUSTeK Computer Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {491B4BCC-39A6-49C4-B411-D62377D6CDBB} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5BF4A156-9EE9-4310-A8B4-75F14A75360F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {60E96AE0-254E-45B1-87B8-14C9BAFC21B5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2626116416-3959848454-4129707019-1001UA => C:\Users\john edmund\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-28] (Facebook Inc.)
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {718B7C0F-1AC4-4D33-93F1-38EF42D90832} - System32\Tasks\User_Feed_Synchronization-{CF1D83F9-BC8F-461A-B026-4052A2D5E735} => C:\Windows\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {730315E2-AE60-4F4B-8636-2DE1D8DD7A40} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7BCAADA9-D9CF-46B6-8670-ABD841129324} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-05] (ASUS)
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {89DEAE1D-E52C-4D0A-864F-03A6635305F9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2626116416-3959848454-4129707019-1001Core => C:\Users\john edmund\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-28] (Facebook Inc.)
Task: {8D9A38AC-7EF2-45DF-B826-E969BFCFE9B5} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9E6B67EE-8824-4B73-97E3-7ECB6BB96A91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10] (Google Inc.)
Task: {A3E30C4D-A15B-4EAA-AAC8-27ADC029EDDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-24] (Adobe Systems Incorporated)
Task: {A70F6C55-0E07-4B90-9A3E-0F5426FF7C5E} - System32\Tasks\CCleanerSkipUAC => C:\CCleaner.exe [2013-03-26] (Piriform Ltd)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A8767A3C-CC43-40A1-8535-A6B3088632B7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B2A3901F-8590-42B5-BF3E-CFFB40B562E1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {B7206E48-CE40-4782-998C-D37D714C0F04} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {B80DDD23-C591-4A99-9F41-B19C6E9088B5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {BAF4A33E-4FFE-45F4-BD26-D60DE3B855CD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C4E1F92D-C265-4C33-8DF0-E601143CA06B} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2626116416-3959848454-4129707019-1001
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C83B5731-FF9E-4ADF-87A1-679473590D52} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-05] (Adobe Systems Incorporated)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D722A7D0-28ED-4484-A753-ADD312131ECA} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File
Task: {D9282F5F-75FD-4FB4-B8AE-B8D4D0697404} - System32\Tasks\gg_uac_daemon_john edmund => C:\WINDOWS\SysWOW64\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E43E9C78-9299-4211-9227-EDB9CED681D4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {E4710BA0-472F-44CE-AB04-EDB004F27FB6} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-23] (ASUSTek Computer Inc.)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F2614EA3-958D-4177-8E0F-DE0FBF888657} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {F2C25723-3A1B-49F8-AA80-8B84AA5355EC} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2626116416-3959848454-4129707019-1001Core.job => C:\Users\john edmund\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2626116416-3959848454-4129707019-1001UA.job => C:\Users\john edmund\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2013 11:02:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (08/02/2013 11:02:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (08/02/2013 11:02:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/02/2013 10:55:35 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (08/02/2013 10:55:26 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]


System errors:
=============
Error: (08/02/2013 11:05:00 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service failed to start due to the following error:
%%1053

Error: (08/02/2013 11:04:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Trend Micro Solution Platform service to connect.

Error: (08/02/2013 10:56:10 PM) (Source: DCOM) (User: johnedmund-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}johnedmund-PCjohn edmundS-1-5-21-2626116416-3959848454-4129707019-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/02/2013 10:56:10 PM) (Source: DCOM) (User: johnedmund-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}johnedmund-PCjohn edmundS-1-5-21-2626116416-3959848454-4129707019-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/02/2013 10:56:10 PM) (Source: DCOM) (User: johnedmund-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}johnedmund-PCjohn edmundS-1-5-21-2626116416-3959848454-4129707019-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/02/2013 10:56:10 PM) (Source: DCOM) (User: johnedmund-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}johnedmund-PCjohn edmundS-1-5-21-2626116416-3959848454-4129707019-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/02/2013 10:56:10 PM) (Source: DCOM) (User: johnedmund-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}johnedmund-PCjohn edmundS-1-5-21-2626116416-3959848454-4129707019-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/02/2013 10:56:10 PM) (Source: DCOM) (User: johnedmund-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}johnedmund-PCjohn edmundS-1-5-21-2626116416-3959848454-4129707019-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/02/2013 10:56:09 PM) (Source: DCOM) (User: johnedmund-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}johnedmund-PCjohn edmundS-1-5-21-2626116416-3959848454-4129707019-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/02/2013 10:56:09 PM) (Source: DCOM) (User: johnedmund-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}johnedmund-PCjohn edmundS-1-5-21-2626116416-3959848454-4129707019-1001LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (08/02/2013 11:02:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (08/02/2013 11:02:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (08/02/2013 11:02:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/02/2013 10:55:35 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (08/02/2013 10:55:26 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]


CodeIntegrity Errors:
===================================
Date: 2013-01-27 17:51:07.418
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-23 23:42:54.027
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-22 17:01:37.479
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-22 13:52:57.886
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-22 12:12:21.323
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 3981.81 MB
Available physical RAM: 1531.76 MB
Total Pagefile: 10125.81 MB
Available Pagefile: 7261.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:3.5 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:393.86 GB) (Free:116.55 GB) NTFS (Disk=0 Partition=4)
Drive g: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:764.42 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 473CAA27)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 426376CB)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#31
August 2, 2013 at 08:22:31
Beautiful, I shall go through those last 2 logs tomorrow.
Ok, now to get into the heavy duty stuff, Run ESET & I will go to bed.
Catch you when I wake up.


#32
August 2, 2013 at 08:25:29
That's the last one..


#33
August 2, 2013 at 08:28:06
Okay I will run ESET now. Thanks again for the help. Talk to you tomorrow


#34
August 2, 2013 at 22:13:28
I'm done with ESET. What should I do now?


#35
August 2, 2013 at 23:08:55
"I'm done with ESET. What should I do now?"
Log please.


#36
August 5, 2013 at 04:45:04
ESET does not give me any logs after scanning. I already ran ESET three times


#37
August 5, 2013 at 06:17:28
"ESET does not give me any logs after scanning. I already ran ESET three times"

Oops, refer to my post #3.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...

I shall proceed to do a thorough search for nasties that may be lurking, if that is alright with you. The trick for removing malware over the last 3 or so years is to get all of the remnants.

Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Copy and Paste the contents into your reply.



#38
August 5, 2013 at 07:07:22
There are about 8 threats that were found, but ESET did not give me any log. Okay, I will run Farbar now.


#39
August 5, 2013 at 07:10:30
Here's the log from ListParts by Farbar

ListParts by Farbar Version: 10-05-2013
Ran by john edmund (administrator) on 05-08-2013 at 22:07:26
Windows 8 (X64)
Running From: C:\Users\john edmund\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 73%
Total physical RAM: 3981.81 MB
Available physical RAM: 1072.86 MB
Total Pagefile: 10125.81 MB
Available Pagefile: 5878.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:1.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:393.86 GB) (Free:99.77 GB) NTFS
5 Drive g: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:756.22 GB) NTFS


Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B *
Disk 1 Online 931 GB 0 B

Partitions of Disk 0:
===============

Disk ID: {06B88D3E-312E-465D-B2C1-CC46C03FD736}

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 200 MB 1024 KB
Partition 2 Reserved 128 MB 201 MB
Partition 3 Primary 279 GB 329 MB
Partition 4 Primary 393 GB 279 GB
Partition 5 Recovery 25 GB 673 GB

======================================================================================================

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 SYSTEM FAT32 Partition 200 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 279 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 4
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 393 GB Healthy Pagefile

======================================================================================================

Disk: 0
Partition 5
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X8000000000000001

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 Recovery NTFS Partition 25 GB Healthy Hidden

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 426376CB

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 G Seagate Exp NTFS Partition 931 GB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 473CAA27

Partition : GPT Partition Type
==============================
Partitions of Disk 1:
===============
Disk ID: 426376CB
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)


****** End Of Log ******



#40
August 5, 2013 at 15:17:21
"There are about 8 threats that were found, but ESET did not give me any log"
Weird, but good it removed those 8 threats.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
Official tutorial
http://tigzyrk.blogspot.fr/2012/11/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.



#41
August 5, 2013 at 16:13:45
RogueKiller Log

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : john edmund [Admin rights]
Mode : Remove -- Date : 08/06/2013 07:12:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Viber ("C:\Users\john edmund\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2626116416-3959848454-4129707019-1001\[...]\Run : Viber ("C:\Users\john edmund\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 0986f8b6297f3f3a1bda4bfeccfbeb9b
[BSP] ad721cbbd6ec05de60d21d1233687a95 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08062013_071247.txt >>
RKreport[0]_S_08062013_071200.txt



#42
August 5, 2013 at 16:29:38
Run ComboFix. Copy & Paste the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
Run Defogger
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#43
August 21, 2013 at 09:35:31
Hi there, I've been out of town and I'm thinking if I can still continue with this. By the way, I ran ComboFix and here's the log.


ComboFix 13-08-20.01 - john edmund 08/22/2013 0:14.1.8 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1252.63.1033.18.3982.1560 [GMT 8:00]
Running from: c:\users\john edmund\Downloads\ComboFix.exe
AV: Titanium Internet Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Titanium Internet Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Uninstall.exe
D:\WinRAR.exe
G:\Autorun.inf
G:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WsysSvc
.
.
((((((((((((((((((((((((( Files Created from 2013-07-21 to 2013-08-21 )))))))))))))))))))))))))))))))
.
.
2013-08-21 16:19 . 2013-08-21 16:24 -------- d-----w- c:\users\john edmund\AppData\Local\temp
2013-08-21 16:19 . 2013-08-21 16:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-21 16:19 . 2013-08-21 16:19 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-08-21 16:19 . 2013-08-21 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-21 10:45 . 2013-08-21 10:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-21 10:45 . 2013-08-21 10:45 -------- d-----w- c:\program files\iTunes
2013-08-21 10:45 . 2013-08-21 10:45 -------- d-----w- c:\program files\iPod
2013-08-20 15:31 . 2013-08-20 15:31 240304 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10214.bin
2013-08-17 15:37 . 2013-08-17 15:37 -------- d-----w- c:\users\john edmund\AppData\Roaming\Garena
2013-08-17 15:37 . 2013-08-17 15:37 -------- d-----w- c:\programdata\Garena
2013-08-04 12:13 . 2013-08-21 15:56 -------- d-----w- c:\windows\SysWow64\NV
2013-08-04 12:13 . 2013-08-21 15:56 -------- d-----w- c:\windows\system32\NV
2013-08-04 12:10 . 2013-08-04 12:10 -------- d-----w- c:\windows\LastGood.Tmp
2013-08-04 12:09 . 2013-07-26 06:09 1884448 ----a-w- c:\windows\system32\nvdispco6432641.dll
2013-08-04 12:09 . 2013-07-26 06:09 1511712 ----a-w- c:\windows\system32\nvdispgenco6432641.dll
2013-08-04 02:45 . 2013-08-04 02:45 -------- d-----w- c:\program files\ESET
2013-08-02 15:38 . 2013-08-02 15:38 -------- d-----w- c:\program files (x86)\ESET
2013-08-02 15:10 . 2013-08-02 15:10 -------- d-----w- C:\FRST
2013-08-02 15:00 . 2013-08-21 15:56 -------- d-----w- c:\users\john edmund\AppData\Roaming\Wise Disk Cleaner
2013-08-02 14:58 . 2013-08-02 14:58 -------- d-----w- c:\program files (x86)\Wise
2013-08-02 14:55 . 2013-08-21 16:22 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-08-02 14:24 . 2013-08-02 14:24 -------- d-----w- c:\windows\ERUNT
2013-08-02 14:12 . 2013-08-02 14:13 260 ----a-w- c:\windows\DeleteOnReboot.bat
2013-08-02 11:31 . 2013-08-02 11:31 -------- d-----w- c:\users\john edmund\AppData\Roaming\Malwarebytes
2013-08-02 11:31 . 2013-08-02 11:31 -------- d-----w- c:\programdata\Malwarebytes
2013-08-02 11:31 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-02 11:23 . 2013-08-02 11:23 -------- d-----w- c:\windows\system32\log
2013-08-01 13:09 . 2013-08-01 13:09 -------- d-----w- C:\NvidiaLogging
2013-08-01 13:07 . 2013-05-14 19:28 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-08-01 13:07 . 2013-05-14 19:27 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-08-01 13:07 . 2013-05-14 19:27 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-07-27 14:16 . 2013-07-31 08:37 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-07-23 09:53 . 2013-08-09 12:55 -------- d-----w- c:\users\john edmund\AppData\Local\EA Games
2013-07-23 07:10 . 2013-07-23 07:10 -------- d-----w- c:\programdata\Origin
2013-07-22 23:22 . 2013-07-22 23:22 -------- d-----w- c:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 02:35 . 2013-06-21 17:15 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-08-20 02:35 . 2012-11-26 10:03 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-08-19 15:37 . 2012-11-26 10:03 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-08-18 21:02 . 2012-12-05 08:41 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-08-18 21:02 . 2012-12-05 08:41 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-08-18 21:02 . 2012-12-05 08:41 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-08-18 21:02 . 2012-12-05 08:41 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-08-18 21:02 . 2012-11-14 12:47 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-08-18 21:02 . 2012-11-14 12:47 1222824 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-07-26 04:59 . 2012-07-31 09:20 6601504 ----a-w- c:\windows\system32\nvcpl.dll
2013-07-26 04:59 . 2012-07-31 09:20 3452704 ----a-w- c:\windows\system32\nvsvc64.dll
2013-07-26 04:59 . 2012-07-31 09:20 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-07-26 04:59 . 2012-07-31 09:20 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-07-26 04:59 . 2012-07-31 09:20 1041696 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-07-26 04:59 . 2012-07-31 09:20 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-07-26 04:59 . 2012-07-31 09:20 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-07-26 04:59 . 2012-07-31 09:20 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-07-22 19:12 . 2012-07-31 09:20 3282455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-07-14 01:17 . 2013-07-18 22:58 1882912 ----a-w- c:\windows\system32\nvdispco6432619.dll
2013-07-14 01:17 . 2013-07-18 22:58 1511712 ----a-w- c:\windows\system32\nvdispgenco6432619.dll
2013-07-09 15:08 . 2013-07-09 15:08 53248 ----a-r- c:\users\john edmund\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F522ED7EA612_4117_B86D_78467DE01E30.exe
2013-07-03 02:23 . 2012-11-27 07:53 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 02:23 . 2012-11-27 07:53 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-27 06:53 . 2013-06-27 06:53 256000 ----a-w- c:\users\john edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
2013-06-27 02:31 . 2013-03-26 09:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-06-21 17:11 . 2012-11-26 10:03 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-18 13:57 . 2012-12-06 08:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-06-15 11:15 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\john edmund\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-08-06 9739056]
"uTorrent"="D:\uTorrent.exe" [2013-05-02 802136]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"Steam"="d:\steam\Steam.exe" [2013-07-26 1807272]
"Viber"="c:\users\john edmund\AppData\Local\Viber\Viber.exe" [2013-05-08 906240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-07-04 601928]
"iTunesHelper"="D:\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\john edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2013-6-27 256000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll c:\windows\SysWOW64\nvinit.dll
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;d:\globe tattoo broadband\UpdateDog\ouc.exe;d:\globe tattoo broadband\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\System32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 WUDFWpdComp;WUDFWpdComp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe;d:\malwarebytes' anti-malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe;d:\malwarebytes' anti-malware\mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-02 19:18 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 23:39]
.
2013-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2626116416-3959848454-4129707019-1001Core.job
- c:\users\john edmund\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-28 13:35]
.
2013-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2626116416-3959848454-4129707019-1001UA.job
- c:\users\john edmund\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-28 13:35]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 19:29]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 19:29]
.
2013-08-21 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-08-21 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-12-18 1304296]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-10 764032]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-10 127616]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-13 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-13 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-13 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
FF - ProfilePath - c:\users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\
FF - prefs.js: browser.search.selectedEngine - Search Here
FF - ExtSQL: 2013-06-23 23:47; torntv2@torntv.com; c:\users\john edmund\AppData\Roaming\Mozilla\Firefox\Profiles\eu8al5sl.default\extensions\torntv2@torntv.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-iSafe - c:\program files (x86)\iSafe\uninstall.exe
AddRemove-WinRAR archiver - D:\uninstall.exe
AddRemove-WsysControl - c:\programdata\eSafe\eGdpSvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AtherosSvc]
"ImagePath"="%SystemRoot%\system32\AdminService.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
d:\malwarebytes' anti-malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-08-22 00:28:59 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-21 16:28
.
Pre-Run: 1,071,362,048 bytes free
Post-Run: 1,027,211,264 bytes free
.
- - End Of File - - 8940EF16132941C0B384949D6431D653
5FB38429D5D77768867C76DCBDB35194


#44
August 27, 2013 at 18:49:44
Oops, somehow I missed your reply, sorry.

Let me know how it is running. After all the stuff we have removed, we may have some repairs to do. What issues do you have?

Did you try running ESET again after Combofix?


#45
August 31, 2013 at 02:45:11
I am still running low on disk space. Not yet. Will do.

#46
August 31, 2013 at 03:24:53
"I am still running low on disk space"

Go into Control Panel & tell me what the Java cache is set on.
http://steveshank.com/cgi-bin/artic...

Go to System Restore & tell me if it is set as per this SS..
http://i.imgur.com/F5M7bJd.gif

Windows 8 System Restore Guide
http://www.bleepingcomputer.com/tut...


#47
September 3, 2013 at 05:16:22
-The java cache is set on 3000+ MB
-system protection is on, current usage is at 288.37MB and the max usage is at 0%(320.00MB)
I will follow the restore guide now

#48
September 3, 2013 at 05:21:22
"-The java cache is set on 3000+ MB"
Why don't you set it at 51 MB as per the guide?
http://steveshank.com/cgi-bin/artic...

#49
September 3, 2013 at 05:34:13
It says that I haven't created any restore points on my computer's system drive

#50
September 3, 2013 at 05:36:17
Yes, I did set it at 51MB.

#51
September 3, 2013 at 05:40:52
System Restore will have infected files in it, turning System Restore OFF & then ON will remove them. When you turn Restore back on, make sure it is set to Min.

Is that what you did, can't remember.


#52
September 3, 2013 at 05:58:34
Going to bed now, will finish off tomorrow.

Run SpyBHORemover
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://securityxploded.com/bhoremov...

Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after the scan is completed. It will be called checkup.txt; please copy and paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#53
September 3, 2013 at 05:58:58
OK, I turned System Restore off and then on. It is set to 1%(2.79GB).

No I mean I just did it like twenty minutes ago


#54
September 4, 2013 at 07:59:24
How should I run SpyBHORemover? Should I click Disable ALL button?

#55
September 4, 2013 at 16:21:08
"How should I run SpyBHORemover? Should I click Disable ALL button"
Depends, there are good & bad BHOs.

Without knowing what you have, I have no idea.

Right click on any you are not sure of, or give me a SS.

Here is a SS of mine, only have one & it's marked good.

http://i.imgur.com/VTk2CwN.gif


#56
September 5, 2013 at 02:06:29
Okay everything in my list says "no threats found".

#57
September 5, 2013 at 02:09:17
Here's the log from Security check

Results of screen317's Security Check version 0.99.73
x64 (UAC is enabled)
Internet Explorer 10
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Titanium Internet Security
Windows Defender
Antivirus up to date! (On Access scanning [b]disabled[/b]!)
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Wise Disk Cleaner 7.87
Java 7 Update 25
Adobe Flash Player 10 [color=red][b]Flash Player out of Date![/b][/color]
Adobe Reader 10.1.7 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (23.0)
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
mbamscheduler.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: %
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#58
September 5, 2013 at 03:10:27
"Here's the log from Security check"
Thanks.

To improve your security, these both need updating.

Adobe Flash Player 10 [color=red][b]Flash Player out of Date![/b][/color]
Adobe Reader 10.1.7 [color=red][b]Adobe Reader out of Date![/b][/color]

As you can see, you have a lot of stuff installed that you did not know had been installed.
A lot of programs now give you the choice to install toolbars & others during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.

Uninstall ComboFix. The reason we remove ComboFix is that a new version comes out nearly every day.
Turn off all active protection software.
Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
Please Copy and Paste the following into the box > ComboFix /Uninstall and click OK.
Or,
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Or,
Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.
Qoobox is a folder created by Combofix to quarantine any infected files.

Let me know how it is running. After all the stuff we have removed, we may have some repairs to do. What issues do you have?


#59
September 5, 2013 at 08:48:10
Okay I updated Combofix. Should I run it again?
The issues are still the same, last time I checked, the replicating virus is still there, my Trend Micro antivirus isn't working properly or should I say not working at all (since the virus snuck in I think) and my hard drive (C) is still getting lower and lower on space each day even if I have already deleted almost everything I installed in that drive.

#60
September 5, 2013 at 15:32:33
"Should I run it again?"
Not just yet.

Run ListParts again, make sure no USB storage devices (thumb drives etc.) are plugged in.


#61
September 9, 2013 at 08:58:08
This is the log from ListParts

ListParts by Farbar Version: 10-05-2013
Ran by john edmund (administrator) on 09-09-2013 at 23:56:26
Windows 8 (X64)
Running From: C:\Users\john edmund\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 54%
Total physical RAM: 3981.81 MB
Available physical RAM: 1831.38 MB
Total Pagefile: 8077.81 MB
Available Pagefile: 4852.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:0.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:393.86 GB) (Free:58.08 GB) NTFS
4 Drive f: (Resident Evil 6-) (CDROM) (Total:2.44 GB) (Free:0 GB) CDFS


Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B *

Partitions of Disk 0:
===============

Disk ID: {06B88D3E-312E-465D-B2C1-CC46C03FD736}

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 200 MB 1024 KB
Partition 2 Reserved 128 MB 201 MB
Partition 3 Primary 279 GB 329 MB
Partition 4 Primary 393 GB 279 GB
Partition 5 Recovery 25 GB 673 GB

======================================================================================================

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 SYSTEM FAT32 Partition 200 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 279 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 4
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 393 GB Healthy

======================================================================================================

Disk: 0
Partition 5
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X8000000000000001

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 Recovery NTFS Partition 25 GB Healthy Hidden

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 473CAA27

Partition : GPT Partition Type

****** End Of Log ******
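
The partition type GUIDs and attribute values in the ListParts log above can be resolved against the well-known GPT partition type list before deciding what each hidden partition is. The following is an added example, not part of the original thread or of ListParts itself; the function names are hypothetical, and the sample text is the per-partition block copied from the log above.

```python
import re

# Well-known GPT partition type GUIDs (UEFI specification / Microsoft documentation).
KNOWN_TYPES = {
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System Partition",
    "e3c9e316-0b5c-4db8-817d-f92df00215ae": "Microsoft Reserved Partition (MSR)",
    "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "Microsoft basic data",
    "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Windows Recovery Environment",
}

ATTR_PLATFORM_REQUIRED = 1 << 0   # bit 0: partition is required by the platform
ATTR_NO_DRIVE_LETTER = 1 << 63    # bit 63: Microsoft-defined, no automatic drive letter

# Per-partition fields copied from the ListParts log in the post above.
SAMPLE_LOG = """\
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000
Partition 4
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000
Partition 5
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X8000000000000001
"""

PART = re.compile(r"^\s*Partition\s+(\d+)\s*$")
FIELD = re.compile(r"^\s*(Type|Hidden|Required|Attrib)\s*:\s*(\S+)\s*$")


def parse_listparts(text):
    """Collect the Type/Hidden/Required/Attrib fields of each 'Partition N' block."""
    parts, current = [], None
    for line in text.splitlines():
        m = PART.match(line)
        if m:
            current = {"number": int(m.group(1))}
            parts.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return parts


def describe(part):
    """Resolve the type GUID to a name and decode the attribute bits."""
    guid = part.get("type", "").lower()
    attrib = int(part.get("attrib", "0"), 16)  # accepts values with or without 0X
    required = bool(attrib & ATTR_PLATFORM_REQUIRED)
    return {
        "number": part["number"],
        "known": guid in KNOWN_TYPES,
        "type_name": KNOWN_TYPES.get(guid, "unknown type " + guid),
        "platform_required": required,
        "no_drive_letter": bool(attrib & ATTR_NO_DRIVE_LETTER),
        # The log's own "Required" field should agree with attribute bit 0.
        "required_matches_log": (part.get("required", "").lower() == "yes") == required,
    }


def review(text):
    return [describe(p) for p in parse_listparts(text)]


if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        flag = "" if row["known"] else "  <-- type not in the well-known list"
        print(f"Partition {row['number']}: {row['type_name']} "
              f"(required={row['platform_required']}, "
              f"no drive letter={row['no_drive_letter']}){flag}")
```

A partition whose type GUID is not in the table is the one to look up further; the table covers only the four types that occur in this log.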


#62
September 12, 2013 at 01:36:25
These hidden partitions are not required, do some research on these to find out what is going on.

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 SYSTEM FAT32 Partition 200 MB Healthy System (partition with boot components)

==================================================================

Disk: 0
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

I would reinstall W8.

Make sure when you reinstall, you delete ALL partitions & format to NTFS.

W8 - The complete guide to a Windows 8 clean installation
http://i.imgur.com/2FOd60C.gif
http://i.imgur.com/pm8d5Xm.gif
http://pcsupport.about.com/od/windo...
http://www.techrepublic.com/blog/wi...

Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...


#63
September 18, 2013 at 19:09:56
Okay so I need to reinstall W8?

#64
September 18, 2013 at 19:15:39
"Okay so I need to reinstall W8?"
I would.
