Thread: PC infected with "provider" adware/malware - Please help

  1. #1
    Junior Member | Join Date: Mar 2015 | Posts: 9

    Hello, about a week or two ago I noticed that my browser (Chrome) was launching new tabs at unusual times (like when I click on a drop-down box), and that I was seeing hyperlink ads more often. All of these ads seem to be by "Provider". I have downloaded and run the Registry Backup, FRST, and aswMBR programs as described in the top post on this page. Thank you in advance for any help you are able to render. -Rob Kelly

    FRST log:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Robert (administrator) on ROBERT-PC on 18-03-2015 23:52:44
    Running from C:\Users\Robert\Downloads
    Loaded Profiles: Robert & UpdatusUser (Available profiles: Robert & UpdatusUser)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (AV Security Software) C:\Windows\mlwps.exe
    (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    (The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    () C:\ExpressGateUtil\VAWinService.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (Bitberry Software) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUS) C:\Program Files\P4G\BatteryLife.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    () C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (ASUS) C:\Windows\AsScrPro.exe
    () C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
    () C:\ExpressGateUtil\VAWinAgent.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
    HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
    HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2011-11-04] (ASUS)
    HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [905216 2010-09-07] (Creative Technology Ltd)
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2010-10-15] ()
    HKLM-x32\...\Run: [SessionLogon] => C:\ExpressGateUtil\SessionLogon.exe
    HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
    HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-01-24] (Memeo Inc.)
    HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
    HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2011-11-18] (Apple Computer, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\...\Run: [NCsoft] => [X]
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\...\Run: [GoogleChromeAutoLaunch_8CC0C224CAA679A6B63017BE99A17B85] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\...\MountPoints2: {f292dbb2-06ba-11e1-a5bf-806e6f6e6963} - D:\InstAll.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bigfoot Killer Network Manager.lnk
    ShortcutTarget: Bigfoot Killer Network Manager.lnk -> C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-3142822200-3783541570-118272861-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3142822200-3783541570-118272861-1000] => 127.0.0.1:8118
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKU\S-1-5-21-3142822200-3783541570-118272861-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={67595EE4-30D6-4AEE-9C59-310E81C8A327}&mid=bbc6d66421fc47d19371d15869fce37c-a672a061497620a4b1c69ba00e0834dcf98f65ae&lang=en&ds=AVG&pr=fr&d=2011-10-06 02:38:53&v=8.0.0.34&sap=dsp&q={searchTerms}
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
    BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll [2015-03-09] (Jelbrus)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
    Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [180840] (Bigfoot Networks, Inc.)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [180840] (Bigfoot Networks, Inc.)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [180840] (Bigfoot Networks, Inc.)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [180840] (Bigfoot Networks, Inc.)
    Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [180840] (Bigfoot Networks, Inc.)
    Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [195688] (Bigfoot Networks, Inc.)
    Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [195688] (Bigfoot Networks, Inc.)
    Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [195688] (Bigfoot Networks, Inc.)
    Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [195688] (Bigfoot Networks, Inc.)
    Winsock: Catalog9-x64 16 C:\Windows\system32\BfLLR.dll [195688] (Bigfoot Networks, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-11-13] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-11-13] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=1.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3142822200-3783541570-118272861-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll [2012-12-27] (Amazon.com, Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Entanglement Web App) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-05-05]
    CHR Extension: (Orbital Clock) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\agkkailckcebbicfkmdpelhdjjgmiehb [2012-08-24]
    CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-20]
    CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
    CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
    CHR Extension: (Google Calendar) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-05-05]
    CHR Extension: (Dictionary.com Extension) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkhgmlgiomobdlofllfmoejgjdojknn [2012-08-24]
    CHR Extension: (APOD) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gggblmmgahdkappoldbhdbofnjlklphc [2012-08-24]
    CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-05-05]
    CHR Extension: (eMusic Download Manager) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdmknaopmioddhgcdjemlflcnfgpdhd [2012-04-01]
    CHR Extension: (The Weather Channel for Chrome) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-05-05]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
    CHR Extension: (The Gansberg Clock) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhecpmapflhhdpcnpedpcaabolnapcae [2012-08-24]
    CHR Extension: (Wikipedia Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-08-24]
    CHR Extension: (Google Wallet) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Advanced Periodic Table) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\obpkghbakijeifcoimhhechlmcbdmmli [2012-08-24]
    CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R2 Bigfoot Networks Killer Service; C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [467456 2011-11-07] () [File not signed]
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-11-04] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-11-04] (Creative Labs) [File not signed]
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
    R2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-03-05] (AV Security Software) [File not signed] <==== ATTENTION
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [371200 2015-03-09] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
    R3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [25536 2014-04-14] ()
    R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [2740328 2011-11-07] (Bigfoot Networks, Inc.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.)
    R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [69224 2011-11-07] (Bigfoot Networks, Inc.)
    R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-18 23:52 - 2015-03-18 23:53 - 00022191 _____ () C:\Users\Robert\Downloads\FRST.txt
    2015-03-18 23:51 - 2015-03-18 23:52 - 00000000 ____D () C:\FRST
    2015-03-18 23:51 - 2015-03-18 23:51 - 02095616 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
    2015-03-18 23:37 - 2015-03-18 23:37 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-03-18 23:37 - 2015-03-18 23:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ROBERT-PC-Windows-7-Professional-(64-bit).dat
    2015-03-18 23:37 - 2015-03-18 23:37 - 00000000 ____D () C:\RegBackup
    2015-03-18 23:37 - 2015-03-18 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-03-18 23:37 - 2015-03-18 23:37 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-03-18 23:10 - 2015-03-18 23:10 - 04720448 _____ () C:\Users\Robert\Downloads\tweaking.com_registry_backup_setup.exe
    2015-03-12 00:20 - 2015-03-12 00:20 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
    2015-03-12 00:20 - 2015-03-12 00:20 - 00000000 ___HD () C:\$AVG
    2015-03-12 00:20 - 2015-03-12 00:20 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\TuneUp Software
    2015-03-12 00:20 - 2015-03-12 00:20 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\AVG2015
    2015-03-12 00:20 - 2015-03-12 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-03-12 00:20 - 2015-03-12 00:20 - 00000000 ____D () C:\ProgramData\AVG2015
    2015-03-12 00:18 - 2015-03-12 00:23 - 00000000 ____D () C:\Users\Robert\AppData\Local\Avg2015
    2015-03-12 00:18 - 2015-03-12 00:18 - 04800936 _____ (AVG Technologies) C:\Users\Robert\Downloads\avg_free_stb_all_5751p1_177.exe
    2015-03-12 00:18 - 2015-03-12 00:18 - 00000000 ____D () C:\Users\Robert\AppData\Local\MFAData
    2015-03-10 20:43 - 2015-03-10 20:43 - 01475529 _____ () C:\Users\Robert\Downloads\56 Locust Offer minus signed disclosure
    2015-03-10 20:33 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-10 20:33 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-10 20:33 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-10 20:33 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-10 20:33 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-10 20:33 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-10 20:33 - 2015-01-14 02:09 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-10 20:33 - 2015-01-14 02:09 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-10 20:33 - 2015-01-14 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-10 20:33 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-10 20:33 - 2015-01-14 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-10 20:33 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-10 20:33 - 2015-01-14 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-10 20:33 - 2015-01-14 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-10 20:33 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-10 20:33 - 2015-01-14 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-10 20:33 - 2015-01-14 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-10 20:33 - 2015-01-14 02:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-10 20:33 - 2015-01-14 02:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-10 20:33 - 2015-01-14 01:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-10 20:33 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-10 20:33 - 2015-01-14 01:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-10 20:33 - 2015-01-14 01:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-10 20:33 - 2015-01-14 01:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-10 20:33 - 2015-01-14 01:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-10 20:33 - 2015-01-14 01:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-10 20:33 - 2015-01-14 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-10 20:33 - 2014-12-29 21:23 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-10 20:33 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-03-10 20:33 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-03-10 20:32 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-10 20:32 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-10 20:32 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-10 20:32 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-09 19:05 - 2015-03-18 21:50 - 00003282 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
    2015-03-09 19:05 - 2015-03-09 19:05 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
    2015-03-07 00:23 - 2015-03-11 21:37 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
    2015-03-05 22:19 - 2015-03-12 00:34 - 00000000 ____D () C:\Program Files (x86)\PrivateVPN
    2015-03-05 22:19 - 2015-03-05 22:19 - 00239104 _____ (AV Security Software) C:\Windows\mlwps.exe
    2015-03-05 22:19 - 2015-03-05 22:19 - 00003262 _____ () C:\Windows\System32\Tasks\Malware Cleaner
    2015-03-05 22:19 - 2015-03-05 22:19 - 00000000 _____ () C:\Users\Robert\AppData\Roaming\214.tmp
    2015-02-19 21:26 - 2015-02-19 21:26 - 00270816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-18 23:52 - 2011-11-04 04:05 - 02074026 _____ () C:\Windows\WindowsUpdate.log
    2015-03-18 23:26 - 2011-12-08 12:56 - 00000000 ___DC () C:\Users\Robert\AppData\Local\MigWiz
    2015-03-18 23:15 - 2011-11-17 10:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-18 22:59 - 2009-07-14 01:13 - 00797890 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-18 21:58 - 2011-11-17 10:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-18 21:55 - 2012-01-07 17:56 - 00000000 ____D () C:\ProgramData\MFAData
    2015-03-18 21:50 - 2011-11-20 15:07 - 00000404 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    2015-03-18 01:46 - 2009-07-14 00:45 - 00019824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-18 01:46 - 2009-07-14 00:45 - 00019824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-18 01:41 - 2014-04-17 22:32 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
    2015-03-18 01:40 - 2011-11-21 22:15 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
    2015-03-18 01:39 - 2011-11-23 22:12 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\uTorrent
    2015-03-18 01:39 - 2011-11-04 04:15 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-03-18 01:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-18 01:39 - 2009-07-14 00:51 - 00062338 _____ () C:\Windows\setupact.log
    2015-03-12 00:20 - 2012-01-07 17:59 - 00000000 ____D () C:\Program Files (x86)\AVG
    2015-03-11 21:39 - 2011-11-04 04:05 - 00001355 _____ () C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-03-10 22:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-10 22:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-10 21:38 - 2011-11-23 22:33 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\vlc
    2015-03-10 20:37 - 2011-11-04 04:16 - 00169430 _____ () C:\Windows\PFRO.log
    2015-03-10 20:37 - 2009-07-14 00:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-10 20:36 - 2013-08-15 20:36 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-10 20:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-26 21:14 - 2011-11-18 12:06 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-24 04:17 - 2011-11-13 16:01 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2015-03-05 22:19 - 2015-03-05 22:19 - 0000000 _____ () C:\Users\Robert\AppData\Roaming\214.tmp
    2011-12-08 14:44 - 2011-12-08 14:44 - 0003584 _____ () C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-26 23:55 - 2014-05-26 23:55 - 0026847 _____ () C:\ProgramData\dxdiag.txt
    2012-12-10 23:01 - 2012-12-10 23:05 - 0000815 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27240.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27282.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-8u40-windows-au.exe
    C:\Users\Robert\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\Robert\AppData\Local\Temp\tasks.dll
    C:\Users\Robert\AppData\Local\Temp\utt48B5.tmp.exe
    C:\Users\Robert\AppData\Local\Temp\vlc-2.1.3-win32.exe
    C:\Users\Robert\AppData\Local\Temp\_is310E.exe
    C:\Users\Robert\AppData\Local\Temp\_isBAA7.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-03-15 21:53

    ==================== End Of Log ============================


    ADDITIONAL FRST LOG:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Robert at 2015-03-18 23:53:11
    Running from C:\Users\Robert\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3142822200-3783541570-118272861-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
    64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
    Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-3142822200-3783541570-118272861-1000\...\Amazon Kindle) (Version: - Amazon)
    Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS AI Recovery (HKLM-x32\...\{02EE09E7-958A-4E7F-80B6-8BA2D262BD04}) (Version: 1.0.12 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.42 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
    Asus_G73_Screensaver (HKLM-x32\...\Asus_G73_Screensaver) (Version: 1.0.0001 - ASUS)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
    AVG 2015 (Version: 15.0.4311 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
    Bigfoot Networks Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: - )
    Bigfoot Networks Killer Network Manager (Version: 6.1.0.219 - Bigfoot Networks) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‎Canon Inc.‬)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
    Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
    Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version: - Canon Inc.‎)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    City of Heroes (HKU\S-1-5-21-3142822200-3783541570-118272861-1000\...\NCsoft-CityOfHeroes) (Version: - NCsoft)
    Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version: - )
    Civilization III: Conquests (HKLM-x32\...\{F31BC49F-AB7B-4A53-A399-EB7331B585BC}) (Version: - )
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
    eMusic Download Manager (HKLM-x32\...\eMusic Download Manager 5.0.5) (Version: 5.0.5 - eMusic.com Inc.)
    ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.81.393 - Asus)
    ExpressGate Cloud (x32 Version: 2.1.81.393 - Asus) Hidden
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: - Trusted Software) <==== ATTENTION
    Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTION
    Fresco Logic USB3.0 Host Controller (HKLM\...\{A445B6F1-C69E-4F0F-B3F8-79A5C7A6066B}) (Version: 3.0.108.16 - Fresco Logic Inc.)
    Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
    iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
    Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
    Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
    Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7876 - Memeo Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Myst III: Exile (HKLM-x32\...\{9F05B89E-2873-11D5-9E9D-0050DA1EA555}) (Version: - )
    Myst Masterpiece Edition (HKLM-x32\...\{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}) (Version: - )
    NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.25.1 - NCsoft)
    Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
    NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
    NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
    OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)
    PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
    QuickTime (HKLM-x32\...\QuickTime) (Version: - )
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6162 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
    Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
    Riven (HKLM-x32\...\{D9577427-2D9D-4580-BDB3-FFDDE06A9554}) (Version: - )
    Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.6.221.0 - Roxio)
    Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
    THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.0 - Creative Technology Limited)
    Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
    TunnelBear (HKLM-x32\...\{55ae0a37-4bee-4922-80f2-a72d28fc14f1}) (Version: 2.2.19.0 - TunnelBear)
    TunnelBear (x32 Version: 2.2.19.0 - TunnelBear) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC (HKLM-x32\...\{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}) (Version: 1.0.0.0 - VLC)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation)
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points =========================

    07-02-2015 01:03:58 Removed Free MKV To MP4 Converter
    20-02-2015 21:05:31 Windows Update
    01-03-2015 20:34:56 Windows Update
    07-03-2015 01:02:45 Windows Update
    10-03-2015 18:20:38 Windows Update
    10-03-2015 20:32:43 Windows Update
    12-03-2015 00:20:03 Installed AVG 2015
    12-03-2015 00:20:13 Installed AVG 2015
    18-03-2015 01:18:44 prior to possibly installing malware removal software

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02DC2B7F-496D-486F-86C1-8F60927DAA1A} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
    Task: {0B3B863C-BDC9-4C78-ADD8-DE947C27F1FB} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
    Task: {34AD7555-3342-4D49-B40F-1040586E829A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
    Task: {3A904008-F4A4-4F83-AA57-70E44BA72610} - System32\Tasks\Malware Cleaner => C:\Users\Robert\AppData\Roaming\214.tmp.exe <==== ATTENTION
    Task: {45DF8F5C-F924-4CB2-97F4-A6F189E104ED} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
    Task: {634AF79B-63AB-4E24-B7CF-9B795BC367BD} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
    Task: {82F0912E-49D7-485B-9C04-A80149B5765A} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-03-09] (Jelbrus) <==== ATTENTION
    Task: {8856E19F-EF5D-4F0A-AFA6-CB025A234D7D} - System32\Tasks\{85F68CD5-795E-44F9-99F7-05F1917E8FD0} => C:\kmouse\tmpanel.exe [1999-07-12] (Kensington Technology Group)
    Task: {A644E7F0-5323-4DC7-AEB8-3C6B33206891} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
    Task: {BED5A996-CF2E-4896-A21D-E8A7DC8050FC} - System32\Tasks\{D78BAFCF-9795-4400-9F8A-875FA461A25A} => C:\kmouse\tmpanel.exe [1999-07-12] (Kensington Technology Group)
    Task: {C74CA3CB-EFAF-42CF-BAC4-B75554116EF1} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-11-10] (ASUS)
    Task: {D0558837-07F7-48EF-A253-A732DBE80C1F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
    Task: {DE79F674-34E5-44B1-9D1E-8CCA44823565} - System32\Tasks\Giga Perfect Uninstaller => C:\Program Files (x86)\PrivateVPN\gpup.exe
    Task: {F1165C17-A9BA-4EBD-8C95-F07066538AEE} - System32\Tasks\{AB77F0A4-3577-4A92-AA94-7ADE96DBF922} => pcalua.exe -a D:\Setup.EXE -d D:\
    Task: {F851D707-2D1E-4342-B992-CA6F55AFBC0E} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2014-04-14] (TunnelBear)
    Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-04-15 13:49 - 2013-08-29 18:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00467456 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
    2011-05-09 19:46 - 2011-05-09 19:46 - 02760192 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtCore4.dll
    2011-05-09 19:56 - 2011-05-09 19:56 - 09856000 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtGui4.dll
    2011-05-09 19:47 - 2011-05-09 19:47 - 00416256 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtXml4.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00203264 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFCommon.dll
    2011-05-10 12:32 - 2011-05-10 12:32 - 00731648 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\qwt5.dll
    2011-05-09 19:48 - 2011-05-09 19:48 - 00990720 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtNetwork4.dll
    2010-08-20 21:47 - 2010-08-20 21:47 - 00077312 _____ () C:\ExpressGateUtil\VAWinService.exe
    2010-03-11 23:14 - 2010-03-11 23:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2010-04-02 22:21 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00568832 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
    2011-11-07 22:52 - 2011-11-07 22:52 - 00403968 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modApplications.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00036864 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFeatures.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00025088 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFraps.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00245248 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modGraph.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00062464 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modlcd.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00290816 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNetwork.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00184832 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNpu.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00215040 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOptions.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00055808 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOverview.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00048640 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modPing.dll
    2011-11-07 22:52 - 2011-11-07 22:52 - 00333824 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modSystemInfo.dll
    2010-09-23 19:53 - 2010-09-23 19:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2010-10-15 04:24 - 2010-10-15 04:24 - 00084464 _____ () C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
    2010-08-12 20:52 - 2010-08-12 20:52 - 00021504 _____ () C:\ExpressGateUtil\VAWinAgent.exe
    2014-04-14 12:29 - 2014-04-14 12:29 - 00025536 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
    2015-03-09 19:05 - 2015-03-09 19:05 - 00086528 _____ () C:\Program Files (x86)\Jelbrus Secure Web\mgwz.dll
    2010-08-12 20:52 - 2010-08-12 20:52 - 00151552 _____ () C:\ExpressGateUtil\libexpat.dll
    2010-08-12 20:52 - 2010-08-12 20:52 - 00057344 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
    2010-07-01 14:21 - 2010-07-01 14:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
    2015-03-12 21:28 - 2015-03-07 02:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
    2015-03-12 21:28 - 2015-03-07 02:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
    2015-03-12 21:28 - 2015-03-07 02:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
    2015-03-12 21:28 - 2015-03-07 02:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3142822200-3783541570-118272861-500 - Administrator - Disabled)
    Guest (S-1-5-21-3142822200-3783541570-118272861-501 - Limited - Disabled)
    Robert (S-1-5-21-3142822200-3783541570-118272861-1000 - Administrator - Enabled) => C:\Users\Robert
    UpdatusUser (S-1-5-21-3142822200-3783541570-118272861-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    Name: Photosmart D110 series
    Description: Photosmart D110 series
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Photosmart D110 series
    Description: Photosmart D110 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/18/2015 09:50:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 71575614

    Error: (03/18/2015 09:50:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 71575614

    Error: (03/18/2015 09:50:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/17/2015 08:09:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2472912

    Error: (03/17/2015 08:09:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2472912

    Error: (03/17/2015 08:09:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/17/2015 07:27:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2090

    Error: (03/17/2015 07:27:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2090

    Error: (03/17/2015 07:27:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/17/2015 06:56:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 65185439

    System errors:
    =============
    Error: (03/12/2015 11:50:38 PM) (Source: cdrom) (EventID: 7) (User: )
    Description: The device, \Device\CdRom0, has a bad block.

    Error: (03/12/2015 11:50:31 PM) (Source: cdrom) (EventID: 7) (User: )
    Description: The device, \Device\CdRom0, has a bad block.

    Error: (03/12/2015 11:50:25 PM) (Source: cdrom) (EventID: 7) (User: )
    Description: The device, \Device\CdRom0, has a bad block.

    Error: (03/12/2015 11:50:02 PM) (Source: cdrom) (EventID: 7) (User: )
    Description: The device, \Device\CdRom0, has a bad block.

    Error: (03/12/2015 11:49:54 PM) (Source: cdrom) (EventID: 7) (User: )
    Description: The device, \Device\CdRom0, has a bad block.

    Error: (03/09/2015 08:44:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 40. The internal error state is 252.

    Error: (03/09/2015 07:05:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The Privoxy (PrivoxyService) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (03/05/2015 10:23:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Live Malware Protection service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/07/2015 02:01:44 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (02/06/2015 00:50:32 AM) (Source: RTL8167) (EventID: 5008) (User: )
    Description: Realtek PCIe GBE Family Controller : Has encountered an invalid network address.

    Microsoft Office Sessions:
    =========================
    Error: (03/18/2015 09:50:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 71575614

    Error: (03/18/2015 09:50:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 71575614

    Error: (03/18/2015 09:50:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/17/2015 08:09:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2472912

    Error: (03/17/2015 08:09:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2472912

    Error: (03/17/2015 08:09:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/17/2015 07:27:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2090

    Error: (03/17/2015 07:27:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2090

    Error: (03/17/2015 07:27:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/17/2015 06:56:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 65185439

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
    Percentage of memory in use: 33%
    Total physical RAM: 8169.17 MB
    Available physical RAM: 5421.63 MB
    Total Pagefile: 16336.52 MB
    Available Pagefile: 13183.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:167.58 GB) (Free:58.39 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: 742DEA4B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    ASWMBR LOG:
    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-03-19 00:02:06
    -----------------------------
    00:02:06.919 OS Version: Windows x64 6.1.7601 Service Pack 1
    00:02:06.919 Number of processors: 8 586 0x2A07
    00:02:06.919 ComputerName: ROBERT-PC UserName: Robert
    00:02:07.310 Initialize success
    00:02:07.367 VM: initialized successfully
    00:02:07.368 VM: Intel CPU supported
    00:02:10.929 VM: supported disk I/O iaStor.sys
    00:03:55.036 AVAST engine defs: 15031801
    00:04:03.940 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    00:04:03.942 Disk 0 Vendor: OCZ-VERT 1.28 Size: 171705MB BusType: 3
    00:04:03.953 VM: Disk 0 MBR read successfully
    00:04:03.955 Disk 0 MBR scan
    00:04:03.959 Disk 0 Windows 7 default MBR code
    00:04:03.961 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    00:04:03.964 Disk 0 default boot code
    00:04:03.968 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 171603 MB offset 206848
    00:04:03.982 Disk 0 scanning C:\Windows\system32\drivers
    00:04:07.655 Service scanning
    00:04:16.647 Modules scanning
    00:04:16.648 Disk 0 trace - called modules:
    00:04:16.648 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    00:04:16.664 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fb6790]
    00:04:16.664 3 CLASSPNP.SYS[fffff88001ab543f] -> nt!IofCallDriver -> [0xfffffa8006a4f550]
    00:04:16.664 5 ACPI.sys[fffff880011317a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006a52050]
    00:04:17.133 AVAST engine scan C:\Windows
    00:04:18.119 AVAST engine scan C:\Windows\system32
    00:05:56.366 AVAST engine scan C:\Windows\system32\drivers
    00:06:00.396 AVAST engine scan C:\Users\Robert
    00:07:04.985 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe **INFECTED** Win32:Malware-gen
    00:07:05.072 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe **INFECTED** Win32:Malware-gen
    00:07:05.157 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe **INFECTED** Win32:Malware-gen
    00:07:06.826 File: C:\Users\Robert\AppData\Local\Temp\is1852162411\Setup-D502DD2B71B5.exe **INFECTED** Win32:Webcake-A [Adw]
    00:09:15.967 AVAST engine scan C:\ProgramData
    00:10:08.836 Disk 0 statistics 4952120/0/18 @ 18.76 MB/s
    00:10:08.838 Scan finished successfully
    22:36:34.542 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Downloads\MBR.dat"
    22:36:34.544 The log file has been saved successfully to "C:\Users\Robert\Downloads\aswMBR log.txt"

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Running from C:\Users\Robert\Downloads

    It's best we move Farbar's to desktop.

    Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [371200 2015-03-09] (The Privoxy team - www.privoxy.org)
    ProxyServer: [S-1-5-21-3142822200-3783541570-118272861-1000] => 127.0.0.1:8118
    Task: {3A904008-F4A4-4F83-AA57-70E44BA72610} - System32\Tasks\Malware Cleaner => C:\Users\Robert\AppData\Roaming\214.tmp.exe <==== ATTENTION
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27240.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27282.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-8u40-windows-au.exe
    C:\Users\Robert\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\Robert\AppData\Local\Temp\tasks.dll
    C:\Users\Robert\AppData\Local\Temp\utt48B5.tmp.exe
    C:\Users\Robert\AppData\Local\Temp\vlc-2.1.3-win32.exe
    C:\Users\Robert\AppData\Local\Temp\_is310E.exe
    C:\Users\Robert\AppData\Local\Temp\_isBAA7.exe
    Task: {634AF79B-63AB-4E24-B7CF-9B795BC367BD} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
    Task: {82F0912E-49D7-485B-9C04-A80149B5765A} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-03-09] (Jelbrus) <==== ATTENTION
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe
    00:07:05.072 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe
    00:07:05.157 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe
    00:07:06.826 File: C:\Users\Robert\AppData\Local\Temp\is1852162411\Setup-D502DD2B71B5.exe
    R2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-03-05] (AV Security Software) [File not signed] <==== ATTENTION
    R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [371200 2015-03-09] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
    2015-03-09 19:05 - 2015-03-18 21:50 - 00003282 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
    2015-03-09 19:05 - 2015-03-09 19:05 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
    2015-03-05 22:19 - 2015-03-05 22:19 - 00239104 _____ (AV Security Software) C:\Windows\mlwps.exe
    2015-03-05 22:19 - 2015-03-05 22:19 - 00003262 _____ () C:\Windows\System32\Tasks\Malware Cleaner
    2015-03-05 22:19 - 2015-03-05 22:19 - 00000000 _____ () C:\Users\Robert\AppData\Roaming\214.tmp
    C:\Windows\mlwps.exe
    EmptyTemp:
    End

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    please post
    Fixlog.txt
    C:\AdwCleaner.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Mar 2015
    Posts
    9


    Hi Juliet,

    Thanks for your reply and instructions. I moved and re-ran FRST without trouble and will post the log below. I had a minor problem with AdwCleaner. I downloaded AdwCleaner, moved it to my desktop, clicked scan, checked the log, left all the boxes checked, and clicked "clean." AdwCleaner got part way through its operation and then stopped - my PC told me it needed to be closed and that it would look for a solution. I wish I wrote down the exact text but I didn't. Anyway, after clicking "ok" I simply restarted AdwCleaner and did another scan. About half of the items that appeared in the first scan were gone. I clicked "clean" again and the program completed properly and generated the AdwCleaner[S0].txt report - which of course does not display all of the items from the first scan, but instead only the items that were still present for the second scan.

    -Rob

    FRST log:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by Robert at 2015-03-20 17:52:13 Run:1
    Running from C:\Users\Robert\Desktop
    Loaded Profiles: Robert & UpdatusUser (Available profiles: Robert & UpdatusUser)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [371200 2015-03-09] (The Privoxy team - www.privoxy.org)
    ProxyServer: [S-1-5-21-3142822200-3783541570-118272861-1000] => 127.0.0.1:8118
    Task: {3A904008-F4A4-4F83-AA57-70E44BA72610} - System32\Tasks\MALWARE CLEANER => C:\Users\Robert\AppData\Roaming\214.tmp.exe <==== ATTENTION
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27240.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27282.exe
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Robert\AppData\Local\Temp\jre-8u40-windows-au.exe
    C:\Users\Robert\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\Robert\AppData\Local\Temp\tasks.dll
    C:\Users\Robert\AppData\Local\Temp\utt48B5.tmp.exe
    C:\Users\Robert\AppData\Local\Temp\vlc-2.1.3-win32.exe
    C:\Users\Robert\AppData\Local\Temp\_is310E.exe
    C:\Users\Robert\AppData\Local\Temp\_isBAA7.exe
    Task: {634AF79B-63AB-4E24-B7CF-9B795BC367BD} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry SOFTWARE) <==== ATTENTION
    Task: {82F0912E-49D7-485B-9C04-A80149B5765A} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-03-09] (Jelbrus) <==== ATTENTION
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe
    00:07:05.072 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe
    00:07:05.157 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe
    00:07:06.826 File: C:\Users\Robert\AppData\Local\Temp\is1852162411\Setup-D502DD2B71B5.exe
    R2 Live MALWARE PROTECTION; C:\Windows\mlwps.exe [239104 2015-03-05] (AV SECURITY SOFTWARE) [File not signed] <==== ATTENTION
    R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [371200 2015-03-09] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
    2015-03-09 19:05 - 2015-03-18 21:50 - 00003282 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
    2015-03-09 19:05 - 2015-03-09 19:05 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
    2015-03-05 22:19 - 2015-03-05 22:19 - 00239104 _____ (AV SECURITY SOFTWARE) C:\Windows\mlwps.exe
    2015-03-05 22:19 - 2015-03-05 22:19 - 00003262 _____ () C:\Windows\System32\Tasks\MALWARE CLEANER
    2015-03-05 22:19 - 2015-03-05 22:19 - 00000000 _____ () C:\Users\Robert\AppData\Roaming\214.tmp
    C:\Windows\mlwps.exe
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    PrivoxyService => Service deleted successfully.
    HKU\S-1-5-21-3142822200-3783541570-118272861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A904008-F4A4-4F83-AA57-70E44BA72610}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A904008-F4A4-4F83-AA57-70E44BA72610}" => Key deleted successfully.
    C:\Windows\System32\Tasks\MALWARE CLEANER => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MALWARE CLEANER" => Key deleted successfully.
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27240.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27282.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\jre-8u40-windows-au.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\tasks.dll => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\utt48B5.tmp.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\_is310E.exe => Moved successfully.
    C:\Users\Robert\AppData\Local\Temp\_isBAA7.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{634AF79B-63AB-4E24-B7CF-9B795BC367BD}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{634AF79B-63AB-4E24-B7CF-9B795BC367BD}" => Key deleted successfully.
    C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82F0912E-49D7-485B-9C04-A80149B5765A} => Key not found.
    C:\Windows\System32\Tasks\Jelbrus Secure Web Task => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully.
    "C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe" => File/Directory not found.
    00:07:05.072 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe => Error: No automatic fix found for this entry.
    00:07:05.157 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe => Error: No automatic fix found for this entry.
    00:07:06.826 File: C:\Users\Robert\AppData\Local\Temp\is1852162411\Setup-D502DD2B71B5.exe => Error: No automatic fix found for this entry.
    Live MALWARE PROTECTION => Service deleted successfully.
    PrivoxyService => Service not found.
    "C:\Windows\System32\Tasks\Jelbrus Secure Web Task" => File/Directory not found.
    C:\Program Files (x86)\Jelbrus Secure Web => Moved successfully.
    C:\Windows\mlwps.exe => Moved successfully.
    "C:\Windows\System32\Tasks\MALWARE CLEANER" => File/Directory not found.
    C:\Users\Robert\AppData\Roaming\214.tmp => Moved successfully.
    "C:\Windows\mlwps.exe" => File/Directory not found.
    EmptyTemp: => Removed 2.5 GB temporary data.



    The system needed a reboot.

    ==== End of Fixlog 17:54:37 ====


    AdwCleaner log (2nd pass):
    # AdwCleaner v4.112 - Logfile created 20/03/2015 at 21:37:45
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-15.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Robert - ROBERT-PC
    # Running from : C:\Users\Robert\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Bitberry
    Key Deleted : HKLM\SOFTWARE\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - localhost;*.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Google Chrome v41.0.2272.89


    *************************

    AdwCleaner[R0].txt - [2076 bytes] - [20/03/2015 17:59:13]
    AdwCleaner[R1].txt - [1307 bytes] - [20/03/2015 21:34:04]
    AdwCleaner[S0].txt - [1149 bytes] - [20/03/2015 21:29:16]
    AdwCleaner[S1].txt - [1202 bytes] - [20/03/2015 21:37:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1261 bytes] ##########
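
The Fixlog in the post above, reviewed with a short Python script (an added example, not part of the original thread and not FRST's own code): it groups each `entry => result` line by outcome and cross-checks entries FRST skipped or could not find against entries it did remove. The sample input is a constructed excerpt of lines taken from that Fixlog; the function names and category labels are this example's own.

```python
import re

# Constructed sample: result lines excerpted from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
PrivoxyService => Service deleted successfully.
C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe => Moved successfully.
C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe => Moved successfully.
C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82F0912E-49D7-485B-9C04-A80149B5765A} => Key not found.
"C:\Users\Robert\AppData\Local\Temp\GPUpd54FA7DB10.exe" => File/Directory not found.
00:07:05.072 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE27251.exe => Error: No automatic fix found for this entry.
00:07:05.157 File: C:\Users\Robert\AppData\Local\Temp\GPUpd54FE47060.exe => Error: No automatic fix found for this entry.
00:07:06.826 File: C:\Users\Robert\AppData\Local\Temp\is1852162411\Setup-D502DD2B71B5.exe => Error: No automatic fix found for this entry.
PrivoxyService => Service not found.
C:\Windows\mlwps.exe => Moved successfully.
"C:\Windows\mlwps.exe" => File/Directory not found.
EmptyTemp: => Removed 2.5 GB temporary data.
"""

# Timestamp prefix carried over when lines are pasted from an aswMBR log
# into a fixlist; FRST cannot interpret entries that start with it.
STRAY_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} File: ")


def classify(result):
    """Map the text after '=>' to a coarse outcome."""
    r = result.lower()
    if "no automatic fix" in r:
        return "unparsed"
    if "not found" in r:
        return "not_found"
    if "successfully" in r or r.startswith("removed"):
        return "done"
    return "other"


def clean(entry):
    """Strip the stray log prefix and surrounding quotes from an entry."""
    entry = STRAY_PREFIX.sub("", entry.strip())
    return entry.strip('"')


def review_fixlog(text):
    """Group Fixlog entries so items that were never acted on stand out.

    Simplification: an entry counts as handled if any line in the log
    reports it removed, regardless of line order.
    """
    rows = []
    for line in text.splitlines():
        if " => " not in line:
            continue
        entry, result = line.strip().split(" => ", 1)
        rows.append((clean(entry), classify(result)))

    done = {entry.lower() for entry, kind in rows if kind == "done"}
    report = {"done": [], "already_handled": [], "never_present": [], "unprocessed": []}
    for entry, kind in rows:
        if kind == "done":
            report["done"].append(entry)
        elif entry.lower() in done:
            # Duplicate fixlist line: another line removed the same item.
            report["already_handled"].append(entry)
        elif kind == "not_found":
            report["never_present"].append(entry)
        elif kind == "unparsed":
            # FRST took no action and no other line covers this item.
            report["unprocessed"].append(entry)
    return report


if __name__ == "__main__":
    for category, entries in review_fixlog(SAMPLE_FIXLOG).items():
        print(f"{category}: {len(entries)}")
        for entry in entries:
            print(f"  {entry}")
```

The one `unprocessed` path sits under the Temp folder that `EmptyTemp:` cleared, but the Fixlog itself does not confirm its removal, so it is the item to look for in the follow-up scans.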

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
    • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
    • You will be prompted to update Malwarebytes...click on the Update Now button.
    • The THREAT SCAN will automatically begin.
    • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
    • After rebooting the computer, copy and paste the mbam.log in your next reply.

    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
    • Open Malwarebytes Anti-Malware.
    • Click the Scan Tab at the top.
    • Click the View detailed log link on the right.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

    Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
    -- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
    -- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

    ~~~~~~~~~~~~~~~~~

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.


    Please run a free online scan with the ESET Online Scanner

    US Link: http://www.eset.com/us/online-scanner/
    EU Link: http://www.eset.eu/online-scanner/

    Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Under "Current Scan Targets" > click "change" and ensure all your drives are selected
    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Attach the log as a reply to your next reply.
    • Close the ESET online scan, and let me know how things are now.


    ********

    please post
    Malwarebytes Anti-Malware log
    Eset log

    Also tell me how the computer is doing now.

  5. #5
    Junior Member
    Join Date
    Mar 2015
    Posts
    9


    Here is the Malwarebytes log. NO threats found so no quarantine.

    PC is running well - ad pages no longer appear when clicking buttons, webpages no longer have hyperlink ads.

    I will do the next step later tonight.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/21/2015
    Scan Time: 6:31:15 PM
    Logfile:
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.03.21.06
    Rootkit Database: v2015.02.25.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Robert

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 387271
    Time Elapsed: 5 min, 29 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  6. #6
    Junior Member
    Join Date
    Mar 2015
    Posts
    9


    Tried to access ESET, first with Chrome, then with Internet Explorer 11. The link took me to this page:

    ESET online virus scanner screen shot.jpg

    Clicking the "Run ESET online scanner" link took me to a nearly blank page - the words "Online Scanner" appeared at the top, but nothing else happened. Do I need to update Chrome or IE or Java or something?

    -Rob

  7. #7
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    I have a feeling your antivirus is interfering

    Please open the AVG Control Center, by right clicking on the AVG icon on task bar.

    Click on Open AVG User Interface.
    On the Menu Bar, click on Tools
    Click Advanced Settings
    In the new screen which opens, scroll down to Temporarily disable AVG protection. Click on it to highlight it.
    In the right hand pane, tick the box for Temporarily disable AVG protection
    Click Apply
    In the next screen which opens, select 15 minutes from the drop down menu, then click the Disable real time protection button.
    Click OK

    Re-enable:
    Tick Enable on the main GUI interface to Re-enable. You may also need to click Fix (enable becomes Fix if all components do not start)


    See if you can follow this to disable it long enough now to run the scan. Don't do any browsing while the antivirus is disabled.

  8. #8
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Let's try downloading the installer and running it this way.

    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to and click .
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.

  9. #9
    Junior Member
    Join Date
    Mar 2015
    Posts
    9


    Hi Juliet,

    I had already disabled AVG (and I had set the duration as "until restart"), so that wasn't the issue.

    The second link to ESET worked just fine. I moved the installer file from Downloads to my desktop and ran it as administrator, which brings me to the "step 1 of 4... Computer Scan Settings" page, where I checked and unchecked boxes as requested. When I click "start" the scanner displays "step 2 of 4... Initializing... downloading virus signature database." Unfortunately the progress bar does not progress, and eventually the process times out, displaying "Can not get update. Is proxy configured?"

    On the previous screen, the one labelled "step 1 of 4... Computer Scan Settings," there is a box named "use custom proxy settings" with a link to "configure." This box is unchecked, which I assume means that the proxy settings should be determined automatically. In any event, if you have any suggestions regarding the configuration of "custom proxy settings" I am happy to try them, but unfortunately I don't know how to do that myself.

    Also, after running into this problem I uninstalled AVG and tried again, with the same results.

    Thanks, Rob

  10. #10
    Junior Member
    Join Date
    Mar 2015
    Posts
    9


    Well, I'll chalk this up to "the ghost in the machine"...

    Having nothing else to try, I tried running ESET a fourth and fifth time and it worked...the program connected and completed. Here is the Scan file:

    C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe Win32/Techsnab.D potentially unwanted application
    C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe Win64/Techsnab.A potentially unwanted application
    C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jsweb.dll Win32/Techsnab.D potentially unwanted application
    C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll Win64/Techsnab.A potentially unwanted application
    C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jswff.exe a variant of Win32/Techsnab.C potentially unwanted application
