Some Guy Shipped me a Laptop with Viruses and Trojans


jesse9212

Can't modify hosts file in Windows 8 even using the god mode and take ownership stuff.

127.0.0.1 d3oxij66pru1i3.cloudfront.net

 

So that's part of the problem. McAfee said it fixed one found trojan but it couldn't find any of the other problems I know are there. THANKS!

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:34:32 PM, on 10/9/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17278)

FIREFOX: 32.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Spring-Nexus\AppData\Local\Temp\infinite_screen\perl\bin\infinite_screen.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe
C:\Users\Spring-Nexus\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Evernote\EvernoteClipper.exe
B:\Program Files\Firefox\firefox.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Clover\clover.exe
B:\Program Files\Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\Spring-Nexus\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\EvernoteIE.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: CouponDownloader - {c817d3d8-b9da-521d-971d-2c0a747ea697} - C:\Program Files\B9CBA23D-4CBF-4122-9CD4-34A83873247C\gohymlmtrh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Spring-Nexus\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Spring-Nexus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PriceMeterW] "C:\Users\Spring-Nexus\AppData\Local\PriceMeter\pricemeterw.exe"
O4 - HKCU\..\Run: [infinite_Screen] C:\Users\Spring-Nexus\AppData\Local\Temp\infinite_screen\perl\bin\infinite_screen.exe -xC:\Users\Spring-Nexus\AppData\Local\Temp\infinite_screen C:\Users\Spring-Nexus\AppData\Local\Temp\infinite_screen\screen
O4 - HKCU\..\Run: [Actual Window Manager] "C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe"
O4 - HKCU\..\Run: [FMCore.exe] "C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe" -standalone
O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Dropbox.lnk = Spring-Nexus\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\EvernoteClipper.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.oracle.com/update/1.6.0/jinstall-6u17-windows-i586.cab
O20 - AppInit_DLLs: c:\program files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll
O23 - Service: ArcSoft Exchange Service (ADExchange) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @oem62.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CouponDownloaderService64 - Unknown owner - C:\Program Files (x86)\B9CBA23D-4CBF-4122-9CD4-34A83873247C\eexvlcbkbu64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Wireless Bluetooth® 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: rqpbhevlkc64 - Unknown owner - C:\Program Files\004\rqpbhevlkc64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Synergy - Unknown owner - C:\Program Files\Synergy\synergyd.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\unsignedthemes.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 10978 bytes


I can see a couple of items that need to be uninstalled

http://www.bleepingcomputer.com/tutorials/uninstall-a-program-in-windows/

Scroll down to "How to uninstall a program in Windows 7 and Windows 8"

Look for and if found

  • CouponDownloader
  • PriceMeter

~~~~~~~~~~~~~

Do a full reset for Internet Explorer:

http://windows.microsoft.com/en-us/windows7/reset-internet-explorer-settings

Reset Firefox:

https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

thisisujrt.gif

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop:

FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)

(To use correct version for your system.....Which system am I using?)

  • Run FRST
  • Don't change the checkboxes, just click on Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt
  • The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

please post

C:\AdwCleaner.txt

JRT.txt

FRST.txt and the Addition.txt

Edited by Juliet

# AdwCleaner v3.311 - Report created 10/10/2014 at 09:39:52
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 Heavier Edition 2014 x64 (64 bits)
# Username : Asus - ROG
# Running from : C:\Users\Spring-Nexus\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc
Service Deleted : CouponDownloaderService64
Service Deleted : netfilter64
Service Deleted : rqpbhevlkc64

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\MSR
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Registry Dr
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Speedial
Folder Deleted : C:\Program Files (x86)\System Optimizer Pro
Folder Deleted : C:\Program Files\002
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\004
Folder Deleted : C:\Program Files\CouponDownloader
Folder Deleted : C:\Program Files\RrFilter
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Users\Spring-Nexus\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Spring-Nexus\AppData\Local\PriceMeter
Folder Deleted : C:\Users\Spring-Nexus\AppData\Local\RegistryDr
Folder Deleted : C:\Users\Spring-Nexus\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Spring-Nexus\AppData\Local\Genesis_05270433
Folder Deleted : C:\Users\Spring-Nexus\Documents\Optimizer Pro
Folder Deleted : C:\Users\Spring-Nexus\Documents\RegistryDr
File Deleted : C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\searchy@searchy.xpi
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Users\Spring-Nexus\AppData\Local\AnyProtectScannerSetup.exe

***** [ Scheduled Tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : GPUpdate
Task Deleted : pricemeterdownloader
Task Deleted : Speedial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\genesis
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Speedial
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CouponDownloader
Key Deleted : HKLM\SOFTWARE\DealPlyLive
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\Lightspark Team
Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speedial
Key Deleted : [x64] HKLM\SOFTWARE\coupon downloader
Key Deleted : [x64] HKLM\SOFTWARE\CouponDownloader
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\RrSavings
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - (x86)\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\prefs.js ]



*************************

AdwCleaner[R0].txt - [9555 octets] - [10/10/2014 09:39:11]
AdwCleaner[s0].txt - [6904 octets] - [10/10/2014 09:39:52]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6964 octets] ##########

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 8.1 Heavier Edition 2014 x64 x64
Ran by Asus on Fri 10/10/2014 at 9:45:27.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sizlsearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatesizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatesizlsearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilsizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilsizlsearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\sizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\sizlsearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilsizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilsizlsearch_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Batman Arkham Origins Cold Cold Heart
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/10/2014 at 9:48:21.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by Asus (administrator) on ROG on 10-10-2014 09:59:23
Running from C:\Users\Spring-Nexus\Downloads
Loaded Profile: Asus (Available profiles: Asus)
Platform: Windows 8.1 Heavier Edition 2014 x64 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(The Within Network, LLC) C:\Windows\unsignedthemes.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Synergy\synergyd.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee Inc.) C:\Program Files\McAfee\Raptor\RaptorClient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Synergy\synergys.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Users\Spring-Nexus\AppData\Local\Temp\infinite_screen\perl\bin\infinite_screen.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\EvernoteClipper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exe
(Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellCenter64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\LicensingUI.exe
(Microsoft Corporation) C:\Windows\System32\LicensingUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) B:\Program Files\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) B:\Program Files\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-04-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-04-18] (Realtek Semiconductor)
HKLM\...\Run: [R.A.T.M] => C:\Program Files\Mad Catz\R.A.T.M\RATM_Profiler.exe [50176 2013-05-14] (Mad Catz Inc)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [fst_ca_98] => [X]
HKLM-x32\...\Run: [fst_ca_104] => [X]
HKLM-x32\...\Run: [t4pc_en_3] => [X]
HKLM\...\RunOnce: [RaptorClient] => C:\Program Files\McAfee\Raptor\RaptorClient.exe [1750896 2014-10-09] (McAfee Inc.)
HKLM\...\runonceex: [] => [X]
HKLM\...\runonceex: [TITLE] => Heavier Edition Installation
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Run: [uTorrent] => C:\Users\Spring-Nexus\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-13] (BitTorrent Inc.)
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-30] (Electronic Arts)
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Run: [Google Update] => C:\Users\Spring-Nexus\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Run: [infinite_Screen] => C:\Users\Spring-Nexus\AppData\Local\Temp\infinite_screen\perl\bin\infinite_screen.exe [10240 2009-07-29] () <===== ATTENTION
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Run: [Actual Window Manager] => C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe [1962288 2014-10-09] (Actual Tools)
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Run: [FMCore.exe] => C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe [10570752 2014-08-06] (Celartem, Inc., doing business as Extensis.)
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2014-10-10] ()
AppInit_DLLs-x32: c:\program files => c:\program files [0 2014-10-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Spring-Nexus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: CouponDownloader -> {c817d3d8-b9da-521d-971d-2c0a747ea697} -> C:\Program Files\B9CBA23D-4CBF-4122-9CD4-34A83873247C\gohymlmtrh.dll ()
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.oracle.com/update/1.6.0/jinstall-6u17-windows-i586.cab
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Spring-Nexus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Spring-Nexus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Spring-Nexus\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Spring-Nexus\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Shortly URL Shortner - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\shortly@aloshbennett.in [2014-10-09]
FF Extension: LastPass - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\support@lastpass.com [2014-10-09]
FF Extension: Google Docs Viewer - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\adonis.cuhk@gmail.com.xpi [2014-10-09]
FF Extension: AutoPager - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\autopager@mozilla.org.xpi [2014-10-09]
FF Extension: Context Font - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\contextfont@easel.org.xpi [2014-10-09]
FF Extension: FindBar Tweak - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\fbt@quicksaver.xpi [2014-10-09]
FF Extension: Feed Sidebar - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\feedbar@efinke.com.xpi [2014-10-09]
FF Extension: Find and Replace for FireFox - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\findandreplace@notreal.org.xpi [2014-10-09]
FF Extension: FireGestures - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\firegestures@xuldev.org.xpi [2014-10-09]
FF Extension: Session box - Tabs manager - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\fvdmedia@googlemail.com.xpi [2014-10-09]
FF Extension: Gmail panel - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\gmail_panel@alejandrobrizuela.com.ar.xpi [2014-10-09]
FF Extension: CouponDownloader - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\j004-efxyrmbzyotmaw@jetpack.xpi [2014-07-28]
FF Extension: URLtoQRcode - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\jid0-ka1TZOfoMg9n3hOnAtSHYjg6GC4@jetpack.xpi [2014-10-09]
FF Extension: AlienTube - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\jid1-0GRQcsmyXNQRlg@jetpack.xpi [2014-10-09]
FF Extension: Reply Now - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\jid1-PZT4aItjRLlXew@jetpack.xpi [2014-10-09]
FF Extension: Reddit Enhancement Suite - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-10-09]
FF Extension: Private Tab - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\privateTab@infocatcher.xpi [2014-10-09]
FF Extension: Restartless Restart - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\restartless.restart@erikvold.com.xpi [2014-10-09]
FF Extension: Tree Style Tab - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2014-10-09]
FF Extension: Video Resumer - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\videoresumer@jetpack.xpi [2014-10-09]
FF Extension: Source Viewer Tab - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\viewsourceintab@piro.sakura.ne.jp.xpi [2014-10-09]
FF Extension: Stylish Sync - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\{0e3fc079-afbb-4a00-87e5-9486062d0f9c}.xpi [2014-10-09]
FF Extension: Session Manager - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-10-09]
FF Extension: Stylish - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-10-09]
FF Extension: Panorama Tab Group Name - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\{4899676e-bd13-45b0-9e53-89cac45ec4da}.xpi [2014-10-09]
FF Extension: Fasterfox - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2014-10-09]
FF Extension: DownThemAll! - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-10-09]
FF Extension: Greasemonkey - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-09]
FF Extension: Open link in... - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}.xpi [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-09]
FF StartMenuInternet: FIREFOX.EXE - B:\Program Files\Firefox\firefox.exe

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-27] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S4 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-04] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S4 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [298496 2014-08-21] () [File not signed]
R2 UnsignedThemes; C:\Windows\unsignedthemes.exe [13824 2013-09-23] (The Within Network, LLC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [100072 2014-04-18] (GenesysLogic)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2014-04-18] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-27] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-16] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-16] (Saitek)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
S3 USBMULCD; C:\Windows\system32\drivers\CM10664.sys [4120576 2012-10-04] (C-Media Electronics Inc)
R2 uxstyle; C:\Windows\system32\Drivers\uxstyle.sys [31440 2013-09-23] (The Within Network, LLC)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 _hid_0738_1710; C:\Windows\system32\DRIVERS\_hid_0738_1710.sys [180992 2013-04-16] (Saitek)
S3 _usb_0738_1710; C:\Windows\System32\drivers\_usb_0738_1710.sys [47616 2013-04-16] (Saitek)
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
U4 RAMDiskVE; No ImagePath
S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 09:59 - 2014-10-10 10:00 - 00024495 _____ () C:\Users\Spring-Nexus\Downloads\FRST.txt
2014-10-10 09:59 - 2014-10-10 09:59 - 00000000 ____D () C:\FRST
2014-10-10 09:58 - 2014-10-10 09:58 - 02109952 _____ (Farbar) C:\Users\Spring-Nexus\Downloads\FRST64.exe
2014-10-10 09:48 - 2014-10-10 09:48 - 00002163 _____ () C:\Users\Spring-Nexus\Desktop\JRT.txt
2014-10-10 09:45 - 2014-10-10 09:45 - 01705755 _____ (Thisisu) C:\Users\Spring-Nexus\Downloads\JRT.exe
2014-10-10 09:45 - 2014-10-10 09:45 - 00000000 ____D () C:\Windows\ERUNT
2014-10-10 09:42 - 2014-10-10 09:42 - 00007084 _____ () C:\Users\Spring-Nexus\Desktop\AdwCleaner[s0].txt
2014-10-10 09:37 - 2014-10-10 09:40 - 00000000 ____D () C:\AdwCleaner
2014-10-10 09:36 - 2014-10-10 09:36 - 01375089 _____ () C:\Users\Spring-Nexus\Downloads\AdwCleaner.exe
2014-10-09 21:56 - 2014-10-09 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-09 21:56 - 2014-10-09 21:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-09 21:56 - 2014-10-09 21:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-09 21:55 - 2014-10-09 21:55 - 13087456 _____ (Microsoft Corporation) C:\Users\Spring-Nexus\Downloads\Silverlight_x64.exe
2014-10-09 21:34 - 2014-10-09 21:34 - 00010980 _____ () C:\Users\Spring-Nexus\Desktop\hijackthis.log
2014-10-09 21:33 - 2014-10-09 21:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Spring-Nexus\Downloads\HijackThis.exe
2014-10-09 21:17 - 2014-10-09 21:17 - 00000128 ___RH () C:\Users\Spring-Nexus\Downloads\Stinger.opt
2014-10-09 21:10 - 2014-10-09 21:11 - 00000858 _____ () C:\Users\Spring-Nexus\Downloads\Stinger_09102014_211026.html
2014-10-09 21:01 - 2014-10-09 21:01 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.0ff9.deleteme
2014-10-09 21:01 - 2014-10-09 21:01 - 00000000 ____D () C:\Quarantine
2014-10-09 21:00 - 2014-10-09 21:17 - 00000000 ____D () C:\Program Files\stinger
2014-10-09 21:00 - 2014-10-09 21:03 - 00001069 _____ () C:\Users\Spring-Nexus\Downloads\Stinger_09102014_210055.html
2014-10-09 21:00 - 2014-10-09 21:00 - 00000000 ____D () C:\Program Files\McAfee
2014-10-09 20:47 - 2014-10-09 20:47 - 14178160 _____ (McAfee Inc) C:\Users\Spring-Nexus\Downloads\stinger64.exe
2014-10-09 19:01 - 2014-10-09 19:01 - 00000000 ____D () C:\Users\Spring-Nexus\AppData\Roaming\FolderColorize
2014-10-09 19:01 - 2014-10-09 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Colorizer
2014-10-09 19:01 - 2014-10-09 19:01 - 00000000 ____D () C:\Program Files\Folder Colorizer
2014-10-09 19:00 - 2014-10-09 19:00 - 01396040 _____ (Softorino ) C:\Users\Spring-Nexus\Downloads\FolderColorizerSetup.exe
2014-10-09 18:48 - 2014-10-09 18:48 - 00000010 _____ () C:\Users\Spring-Nexus\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2014-10-09 18:48 - 2014-10-09 18:48 - 00000010 _____ () C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
2014-10-09 18:46 - 2014-10-09 18:57 - 00000000 ____D () C:\Users\Spring-Nexus\AppData\Local\Extensis
2014-10-09 18:46 - 2014-10-09 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extensis
2014-10-09 18:46 - 2014-10-09 18:46 - 00000000 ____D () C:\ProgramData\Extensis
2014-10-09 18:46 - 2014-10-09 18:46 - 00000000 ____D () C:\Program Files (x86)\Extensis
2014-10-09 18:46 - 2014-10-09 18:46 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-10-09 18:38 - 2014-10-09 18:38 - 00003490 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ROG-Asus
2014-10-09 18:35 - 2014-10-09 18:35 - 00000919 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-10-09 18:35 - 2014-10-09 18:35 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-09 18:34 - 2014-10-09 18:34 - 00001576 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-10-09 18:34 - 2014-10-09 18:34 - 00001564 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-10-09 18:33 - 2014-10-09 18:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-09 18:33 - 2014-10-09 18:33 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2014-10-09 18:33 - 2014-10-09 18:33 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2014-10-09 18:30 - 2014-10-09 18:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-09 18:26 - 2014-10-09 18:26 - 00000000 ____D () C:\Users\Spring-Nexus\AppData\Local\Evernote
2014-10-09 18:25 - 2014-10-09 18:25 - 00002535 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-10-09 18:25 - 2014-10-09 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-10-09 18:25 - 2014-10-09 18:25 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-10-09 18:23 - 2014-10-09 18:23 - 90039136 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Spring-Nexus\Downloads\Evernote_5.6.4.4632.exe
2014-10-09 18:17 - 2014-05-08 19:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-10-09 18:01 - 2014-10-09 18:01 - 00001005 _____ () C:\Users\Public\Desktop\Clover.lnk
2014-10-09 18:01 - 2014-10-09 18:01 - 00000000 ____D () C:\Users\Spring-Nexus\AppData\Local\Clover
2014-10-09 18:01 - 2014-10-09 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
2014-10-09 18:01 - 2014-10-09 18:01 - 00000000 ____D () C:\Program Files (x86)\Clover
2014-10-09 17:59 - 2014-10-09 17:59 - 00000000 ____D () C:\Users\Spring-Nexus\AppData\Roaming\Actual Tools
2014-10-09 17:59 - 2014-10-09 17:59 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-10-09 17:59 - 2014-10-09 17:59 - 00000000 ____D () C:\ProgramData\Actual Tools
2014-10-09 17:53 - 2014-10-09 17:53 - 00000000 ____D () C:\Program Files\B9CBA23D-4CBF-4122-9CD4-34A83873247C
2014-10-09 17:53 - 2014-10-09 17:53 - 00000000 ____D () C:\Program Files (x86)\B9CBA23D-4CBF-4122-9CD4-34A83873247C
2014-10-09 17:52 - 2014-09-02 16:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-09 17:52 - 2014-09-02 16:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-09 17:49 - 2014-10-09 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-09 17:31 - 2014-10-09 17:31 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-10-09 17:31 - 2014-10-09 17:31 - 00000964 _____ () C:\Windows\LkmdfCoInst.log
2014-10-09 17:30 - 2014-10-09 17:59 - 00000000 ____D () C:\Users\Spring-Nexus\AppData\Roaming\Logitech
2014-10-09 17:30 - 2014-10-09 17:59 - 00000000 ____D () C:\ProgramData\Logishrd
2014-10-09 17:30 - 2014-10-09 17:31 - 00006486 _____ () C:\Windows\LDPINST.LOG
2014-10-09 17:30 - 2014-10-09 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-09 17:30 - 2014-10-09 17:31 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-10-09 17:30 - 2014-10-09 17:30 - 00000000 ____D () C:\Users\Spring-Nexus\AppData\Roaming\Logishrd
2014-10-09 17:30 - 2014-10-09 17:30 - 00000000 ____D () C:\Program Files\Logitech
2014-10-09 17:28 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-09 17:21 - 2014-10-09 17:22 - 81533904 _____ (Logitech Inc.) C:\Users\Spring-Nexus\Downloads\SetPoint6.65.62_64.exe
2014-10-09 17:21 - 2014-10-09 17:21 - 04147600 _____ ($Co_Name Inc.) C:\Users\Spring-Nexus\Downloads\unifying250.exe
2014-10-09 17:20 - 2014-10-09 17:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-09 17:20 - 2014-10-09 17:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-09 17:20 - 2014-10-09 17:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-09 17:20 - 2014-10-09 17:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-09 17:20 - 2014-10-09 17:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-09 17:20 - 2014-10-09 17:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-09 17:20 - 2014-10-09 17:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-09 17:20 - 2014-10-09 17:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-09 17:20 - 2014-10-09 17:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-09 17:20 - 2014-10-09 17:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-09 17:20 - 2014-10-09 17:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-09 17:20 - 2014-10-09 17:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-09 17:20 - 2014-08-15 22:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-09 17:20 - 2014-08-15 21:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-09 17:20 - 2014-08-15 21:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-09 17:20 - 2014-08-15 21:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-09 17:20 - 2014-08-15 21:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-09 17:20 - 2014-08-15 21:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-09 17:20 - 2014-08-15 21:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-09 17:20 - 2014-08-15 21:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-09 17:20 - 2014-08-15 21:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-09 17:20 - 2014-08-15 21:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-09 17:20 - 2014-08-15 21:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-09 17:20 - 2014-08-15 21:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-09 17:20 - 2014-08-15 21:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-09 17:20 - 2014-08-15 21:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-09 17:20 - 2014-08-15 21:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-09 17:20 - 2014-08-15 20:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-09 17:20 - 2014-08-15 20:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-09 17:20 - 2014-08-15 20:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-09 17:20 - 2014-08-15 20:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-09 17:20 - 2014-08-15 20:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-09 17:20 - 2014-08-15 20:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-09 17:20 - 2014-08-15 20:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-09 17:20 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-09 17:20 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-09 17:19 - 2014-08-15 22:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-09 17:19 - 2014-08-15 22:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-09 17:19 - 2014-08-15 22:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-09 17:19 - 2014-08-15 21:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-09 17:19 - 2014-08-15 21:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-09 17:19 - 2014-08-15 21:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-09 17:19 - 2014-08-15 20:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-09 17:19 - 2014-08-15 20:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-09 17:19 - 2014-08-15 20:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-09 17:19 - 2014-08-15 20:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-09 17:19 - 2014-08-15 20:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-09 17:19 - 2014-08-15 20:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-09 17:19 - 2014-08-15 20:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-09 17:16 - 2014-10-09 17:16 - 00000316 _____ () C:\Users\Spring-Nexus\Desktop\WinGrooves.appref-ms
2014-10-09 17:16 - 2014-10-09 17:16 - 00000000 ____D () C:\Users\Spring-Nexus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinGrooves
2014-10-09 17:15 - 2014-10-09 17:15 - 00428848 _____ () C:\Users\Spring-Nexus\Downloads\WinGroovesSetup.exe
2014-10-09 17:15 - 2014-09-04 22:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-10-09 17:15 - 2014-09-04 22:31 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-09 17:15 - 2014-09-04 20:48 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-09 17:15 - 2014-08-14 20:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-10-09 17:15 - 2014-07-29 21:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-10-09 17:15 - 2014-07-29 01:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-10-09 17:15 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-10-09 17:15 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-09 17:15 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-09 17:15 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-09 17:15 - 2014-05-09 23:46 - 02151424 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-09 17:15 - 2014-05-09 23:22 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll


I see you have P2P software (BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

 

Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at Windowsbbs Malware and Virus removal.

 

~~~~~~~~~~~~~

 

You have an item in your startups folder that needs to be removed.

From the Start screen, type msconfig to open the Search, and then select msconfig from the search results.

Click the General tab.

Select Selective Startup, and remove the checkmark next to Load startup items.

Click on the Startup tab and click OK.

PriceMeterW <-- look for this and remove the checkmark. OK your way out and continue.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Running from C:\Users\Spring-Nexus\Downloads

This is in the wrong location.

 

Please go to your Downloads folder, locate FRST, right click on it and select CUT.

Go to an empty spot on your desktop, right click and select Paste.

 

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

 

start

CloseProcesses:

HKLM-x32\...\Run: [fst_ca_98] => [X]

HKLM-x32\...\Run: [fst_ca_104] => [X]

HKLM-x32\...\Run: [t4pc_en_3] => [X]

HKLM\...\runonceex: [] => [X]

HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Run: [infinite_Screen] => C:\Users\Spring-Nexus\AppData\Local\Temp\infinite_screen\perl\bin\infinite_screen.exe [10240 2009-07-29] () <===== ATTENTION

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

BHO-x32: CouponDownloader -> {c817d3d8-b9da-521d-971d-2c0a747ea697} -> C:\Program Files\B9CBA23D-4CBF-4122-9CD4-34A83873247C\gohymlmtrh.dll ()

FF Extension: CouponDownloader - C:\Users\Spring-Nexus\AppData\Roaming\Mozilla\Firefox\Profiles\pxfh51iu.default\Extensions\j004-efxyrmbzyotmaw@jetpack.xpi [2014-07-28]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

C:\Users\Spring-Nexus\AppData\Local\Temp\infinite_screen\perl\bin\infinite_screen.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\11191uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\23352uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\2562uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\26582uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\28915uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\30485uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\33947uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\38009uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\40599uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\50022uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\57756uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\57839uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\61185uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\63516uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\6886uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\69056uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\70592uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\71249uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\72025uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\72317uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\74982uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\84271uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\86428uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\8783uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\91249uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\91641uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\91988uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\92573uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\93262uninstall.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\aimemb.dll

C:\Users\Spring-Nexus\AppData\Local\Temp\aimemb64.dll

C:\Users\Spring-Nexus\AppData\Local\Temp\BackupSetup.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\bassmod.dll

C:\Users\Spring-Nexus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplbvu04.dll

C:\Users\Spring-Nexus\AppData\Local\Temp\eqroq0h5.y1u.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\fjgh1opy.3d0.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\fqzqsz4f.5xw.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\GURB2D5.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\ICReinstall_IDM2-Win-EN.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\jgclbwum.uza.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\LMkRstPt.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\nsf3115.tmp.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\nsg9BCA.tmp.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\nshA683.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\nshA75B.tmp.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\nsi8EA2.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\nsn8FFA.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\nsnA7DC.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\nv3DVStreaming.dll

C:\Users\Spring-Nexus\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Spring-Nexus\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Spring-Nexus\AppData\Local\Temp\nvStereoApiI.dll

C:\Users\Spring-Nexus\AppData\Local\Temp\nvStInst.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\Quarantine.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\RegistryDrSetup_S.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\setup__7926.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\setup__8271.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\SfpcHelper_installFinish.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\SfpcHelper_installStart.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\sonarinst.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\Sqlite3.dll

C:\Users\Spring-Nexus\AppData\Local\Temp\vlc-2.1.4-win64.exe

C:\Users\Spring-Nexus\AppData\Local\Temp\xmlUpdater.exe

2014-07-28 16:21 - 2014-07-28 16:21 - 00074752 _____ () C:\Program Files\B9CBA23D-4CBF-4122-9CD4-34A83873247C\gohymlmtrh.dll

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
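The Run-key entries in the fixlist above can be triaged mechanically before anyone decides what to remove. The following is an added example, not part of the helper's post and not FRST's own code: the function name `triage`, the reason labels and the `ExampleUpdater` line are constructed for illustration, and `[X]` is assumed to mean that the autorun's target file is missing.

```python
import re
from dataclasses import dataclass, field

# Run-key line shape used in the fixlist quoted in this thread:
#   <hive>\...\<Run key>: [<name>] => <target> [<size> <date>] (<company>)
RUN_LINE = re.compile(
    r"^(?P<hive>HK[^\\]+(?:\\S-[\d-]+)?)\\\.\.\.\\(?P<key>run\w*):\s*"
    r"\[(?P<name>[^\]]*)\]\s*=>\s*(?P<rest>.*)$",
    re.IGNORECASE,
)
# Target part: path, then [size date], then (company), which may be empty.
TARGET = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s*\((?P<company>[^)]*)\)"
)

# First five lines are copied from the fixlist in this thread;
# the last one (ExampleUpdater) is a constructed benign entry.
SAMPLE = r"""
HKLM-x32\...\Run: [fst_ca_98] => [X]
HKLM-x32\...\Run: [fst_ca_104] => [X]
HKLM-x32\...\Run: [t4pc_en_3] => [X]
HKLM\...\runonceex: [] => [X]
HKU\S-1-5-21-2073220131-3286699005-4263925062-1001\...\Run: [infinite_Screen] => C:\Users\Spring-Nexus\AppData\Local\Temp\infinite_screen\perl\bin\infinite_screen.exe [10240 2009-07-29] () <===== ATTENTION
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [204800 2014-01-15] (Example Corp)
"""

@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)

def triage(lines):
    """Return autorun entries that deserve a closer look, with the reasons."""
    findings = []
    for raw in lines:
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue  # not a Run-key line (file path, directive, blank)
        rest = m["rest"].strip()
        f = Finding(m["hive"], m["name"], rest)
        if rest.startswith("[X]"):
            # Assumption: [X] marks a registry value whose file is gone.
            f.reasons.append("missing-target")
        else:
            t = TARGET.match(rest)
            if t:
                f.target = t["path"]
                # Persistence from a per-user Temp folder is unusual for
                # legitimate software, which installs outside Temp.
                if "\\appdata\\local\\temp\\" in t["path"].lower():
                    f.reasons.append("runs-from-temp")
                if not t["company"].strip():
                    f.reasons.append("no-company")
        if f.reasons:
            findings.append(f)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.hive} [{f.name}] {', '.join(f.reasons)} -> {f.target}")
```

The reasons are triage hints only: an entry flagged here still needs a person to confirm what the file is before it goes into a fixlist.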

This topic is now closed to further replies.