Jump to content

Comprev

Members
  • Posts

    950
  • Joined

  • Last visited

Everything posted by Comprev

  1. Thanks for the help! You take care as well.
  2. Computer's running fine, and nothing bad or strange has happened since the original incident which prompted me to come here.
  3. Sorry about that. I disabled Windows Defender Firewall, and both Avast and Malwarebytes' realtime shields. Hopefully this is better. msert.log
  4. Hi, Both scans are attached. msert.log eset.txt
  5. Long time no see @AdvancedSetup I ran a full scan on Avast since it didn't have a threat scan, no malware was detected.
  6. Hello, Earlier today I went to play on the old (legitimate) flash game website Miniclip, and one of the games asked me to enable Adobe Flash. Clicking on that notification sent me to the real Adobe website where I started to download Flash, but before it finished the page changed to a "Virus/spyware download blocked" page similar to the last image on this page, making me think it might have been my home network AT&T's firewall. Nothing else unusual happened, all the websites I visited were real and legitimate as far as I could tell (all had the real URL), and none of my antivirus or antimalware scans found anything, so I don't think I have an infection, but I decided to come here just in case. I ran CCleaner before I had decided come here for help; my apologies if that makes this any more complicated. I've attached Malwarebytes scans from both immediately before and after I ran CCleaner if that makes this any easier (it found nothing in either scan). Thank you for your time to whoever helps me with this. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm6lCAC firstmbamscan.txt Addition.txt FRST.txt secondmbamscan.txt
  7. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 12/27/2014 Scan Time: 8:02:34 PM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.12.27.08 Rootkit Database: v2014.12.23.02 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Lucas Scan Type: Threat Scan Result: Completed Objects Scanned: 347611 Time Elapsed: 18 min, 16 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 2 PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [7fc5c89e2953290dca590fc7d32f669a], PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [7fc5c89e2953290dca590fc7d32f669a], Registry Values: 1 PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [93b1d98df08c2610e420a43d47bdbe42] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) I'm pretty sure Unchecky downloaded today with the virus, so I uninstalled it anyway. Once again, thanks for all the help.
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2014 Ran by Lucas at 2014-12-27 19:27:27 Run:1 Running from C:\Users\Lucas\Desktop Loaded Profile: Lucas (Available profiles: Lucas) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKLM-x32\...\Run: [PerforMax Cleaner] => C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe [1589760 2014-12-05] () C:\Program Files (x86)\PerforMax Cleaner HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-524691610-2607265322-4011940379-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...=1961717218&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...=1961717218&ir= SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKU\S-1-5-21-524691610-2607265322-4011940379-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...=1961717218&ir= SearchScopes: HKU\S-1-5-21-524691610-2607265322-4011940379-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...=1961717218&ir= FF SelectedSearchEngine: Vosteran FF Homepage: hxxp://Vosteran.com/?f=1&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir=" S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X] C:\Users\Public\Desktop\PerforMax Cleaner.lnk C:\Users\Lucas\AppData\Local\Temp\CloudBackup4511.exe C:\Users\Lucas\AppData\Local\Temp\vcredist_x64.exe C:\Users\Lucas\AppData\Local\Temp\_is479F.exe C:\Users\Lucas\AppData\Local\Temp\_is49B1.exe C:\Users\Lucas\AppData\Local\Temp\_is74C7.exe C:\Users\Lucas\AppData\Local\Temp\_isB993.exe C:\Users\Lucas\AppData\Local\Temp\_isBD89.exe PerforMax Cleaner (x32 Version: 1.0.0.0 - OneBit IT) Hidden PursuePoint (HKLM\...\PursuePoint) (Version: 2014.03.05.221816 - PursuePoint) <==== ATTENTION! Task: {C3442A41-1867-4B5C-BD1E-EE9880562F4E} - \TidyNetwork Update No Task File <==== ATTENTION Task: {D3546AAA-99AE-436C-B8F3-8C4CEF8E98AE} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION Emptytemp: end ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PerforMax Cleaner => value deleted successfully. "C:\Program Files (x86)\PerforMax Cleaner" directory move: C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe => Moved successfully. C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe.config => Moved successfully. C:\Program Files (x86)\PerforMax Cleaner\System.Data.SQLite.dll => Moved successfully. C:\Program Files (x86)\PerforMax Cleaner\System.Data.SQLite.Linq.dll => Moved successfully. C:\Program Files (x86)\PerforMax Cleaner\UrlHistoryLibrary.dll => Moved successfully. C:\Program Files (x86)\PerforMax Cleaner\x86\SQLite.Interop.dll => Moved successfully. C:\Program Files (x86)\PerforMax Cleaner\x64\SQLite.Interop.dll => Moved successfully. Could not move "C:\Program Files (x86)\PerforMax Cleaner" directory. => Scheduled to move on reboot. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-524691610-2607265322-4011940379-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKU\S-1-5-21-524691610-2607265322-4011940379-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-524691610-2607265322-4011940379-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. Firefox SelectedSearchEngine deleted successfully. Firefox homepage deleted successfully. Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. catchme => Service deleted successfully. X6va015 => Service deleted successfully. X6va016 => Service deleted successfully. X6va017 => Service deleted successfully. C:\Users\Public\Desktop\PerforMax Cleaner.lnk => Moved successfully. C:\Users\Lucas\AppData\Local\Temp\CloudBackup4511.exe => Moved successfully. C:\Users\Lucas\AppData\Local\Temp\vcredist_x64.exe => Moved successfully. C:\Users\Lucas\AppData\Local\Temp\_is479F.exe => Moved successfully. C:\Users\Lucas\AppData\Local\Temp\_is49B1.exe => Moved successfully. C:\Users\Lucas\AppData\Local\Temp\_is74C7.exe => Moved successfully. C:\Users\Lucas\AppData\Local\Temp\_isB993.exe => Moved successfully. C:\Users\Lucas\AppData\Local\Temp\_isBD89.exe => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{22EEFAC1-0121-4CC4-AA10-6B79CEEA63AE}\\SystemComponent => value deleted successfully. PursuePoint (HKLM\...\PursuePoint) (Version: 2014.03.05.221816 - PursuePoint) <==== ATTENTION! => Error: No automatic fix found for this entry. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3442A41-1867-4B5C-BD1E-EE9880562F4E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3442A41-1867-4B5C-BD1E-EE9880562F4E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3546AAA-99AE-436C-B8F3-8C4CEF8E98AE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3546AAA-99AE-436C-B8F3-8C4CEF8E98AE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully. EmptyTemp: => Removed 686.7 MB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-27 19:34:36)<= C:\Program Files (x86)\PerforMax Cleaner => Is moved successfully. ==== End of Fixlog 19:34:36 ==== # AdwCleaner v4.106 - Report created 27/12/2014 at 19:47:04 # Updated 21/12/2014 by Xplode # Database : 2014-12-21.4 [Live] # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Lucas - LUCAS-PC # Running from : C:\Users\Lucas\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\Settings Manager Folder Deleted : C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts File Deleted : C:\Users\Lucas\Desktop\Sync Folder.lnk File Deleted : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\invalidprefs.js File Deleted : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\user.js File Deleted : C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage ***** [ Scheduled Tasks ] ***** Task Deleted : LaunchSignup ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1 Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Key Deleted : HKCU\Software\Linkey Key Deleted : HKCU\Software\Vosteran Key Deleted : HKLM\SOFTWARE\InstallCore Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v34.0.5 (x86 en-US) [6zd0no7f.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,eBay,Twitter,Wikipedia (en),default-search.net,DuckDuckGo"); [6zd0no7f.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1[...] [6zd0no7f.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDy[...] [6zd0no7f.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran"); [6zd0no7f.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran"); [6zd0no7f.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzyt[...] -\\ Google Chrome v39.0.2171.95 [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= ************************* AdwCleaner[R0].txt - [10514 octets] - [27/12/2014 19:39:34] AdwCleaner[R1].txt - [10575 octets] - [27/12/2014 19:44:36] AdwCleaner[s0].txt - [10413 octets] - [27/12/2014 19:47:04] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10474 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Home Premium x64 Ran by Lucas on Sat 12/27/2014 at 19:54:14.48 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{39B74F4D-1646-4C4B-97CA-810E1CBA9B5F} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{9B6DF167-BBBA-444A-B8AA-B3FDE8B42666} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{A0775BA6-1C53-4221-A04E-13555E550FAA} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{AA7F4B20-D403-4462-8560-FE6118872D41} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{DAFDC66C-EB6B-4A88-AE48-3C69873DFADC} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{E57D3488-76C4-4A3D-A7E8-8F234FE86C1B} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{FE8A46AF-0878-4DCF-998D-C622D57D0B56} ~~~ FireFox Emptied folder: C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\6zd0no7f.default\minidumps [105 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 12/27/2014 at 19:57:37.91 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes Anti-Malware www.malwarebytes.org Protection, 12/27/2014 11:25:39 AM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Starting, Protection, 12/27/2014 11:25:39 AM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Started, Protection, 12/27/2014 11:25:44 AM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Protection, 12/27/2014 11:25:45 AM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, Update, 12/27/2014 11:25:45 AM, SYSTEM, LUCAS-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 12/27/2014 11:25:45 AM, SYSTEM, LUCAS-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.23.2, Update, 12/27/2014 11:25:58 AM, SYSTEM, LUCAS-PC, Manual, Malware Database, 2014.11.20.6, 2014.12.27.5, Protection, 12/27/2014 11:25:58 AM, SYSTEM, LUCAS-PC, Protection, Refresh, Starting, Protection, 12/27/2014 11:25:58 AM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/27/2014 11:25:58 AM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/27/2014 11:26:04 AM, SYSTEM, LUCAS-PC, Protection, Refresh, Success, Protection, 12/27/2014 11:26:19 AM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Detection, 12/27/2014 11:26:21 AM, SYSTEM, LUCAS-PC, Protection, Malware Protection, File, PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{8fb4e628-35c6-4275-89be-ce3462febcc4}Gw64.sys, Quarantine, [db2b08367a0273c3d4b84309020143bd] Protection, 12/27/2014 11:26:24 AM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, Detection, 12/27/2014 11:46:48 AM, Lucas, LUCAS-PC, Protection, Malware Protection, File, PUP.Optional.FasterLight.A, C:\Program Files (x86)\Faster Light\bin\{8fb4e628-35c6-4275-89be-ce3462febcc4}.dll, Quarantine Failed, 5, Access is denied. , [ece5cf98097304328d12ee6916edd42c] Detection, 12/27/2014 11:48:17 AM, SYSTEM, LUCAS-PC, Protection, Malware Protection, File, PUP.Optional.FasterLight.A, C:\Program Files (x86)\Faster Light\bin\7za.exe, Quarantine, [488975f26c1025110c9381d66d96d22e] Scan, 12/27/2014 11:48:19 AM, SYSTEM, LUCAS-PC, Manual, Start:12/27/2014 11:26:35 AM, Duration:19 min 5 sec, Threat Scan, Completed, 0 Malware Detections, 1047 Non-Malware Detections, Detection, 12/27/2014 11:48:32 AM, SYSTEM, LUCAS-PC, Protection, Malware Protection, File, PUP.Optional.FasterLight.A, C:\Program Files (x86)\Faster Light\bin\{8fb4e628-35c6-4275-89be-ce3462febcc4}.dll, Quarantine, [ece5cf98097304328d12ee6916edd42c] Detection, 12/27/2014 11:48:33 AM, SYSTEM, LUCAS-PC, Protection, Malware Protection, File, PUP.Optional.FasterLight.A, C:\Program Files (x86)\Faster Light\bin\{8fb4e628-35c6-4275-89be-ce3462febcc4}64.dll, Quarantine, [874af374097359dd2e7122350ff42bd5] Detection, 12/27/2014 11:48:42 AM, SYSTEM, LUCAS-PC, Protection, Malware Protection, File, PUP.Optional.FasterLight.A, C:\Program Files (x86)\Faster Light\bin\FasterLight.expext.exe, Quarantine, [03ce44234d2f66d08d1291c6857ef40c] Protection, 12/27/2014 11:49:51 AM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Starting, Protection, 12/27/2014 11:49:51 AM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Started, Protection, 12/27/2014 11:49:51 AM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Protection, 12/27/2014 11:49:54 AM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, Update, 12/27/2014 12:59:36 PM, SYSTEM, LUCAS-PC, Scheduler, Malware Database, 2014.12.27.5, 2014.12.27.6, Protection, 12/27/2014 12:59:36 PM, SYSTEM, LUCAS-PC, Protection, Refresh, Starting, Protection, 12/27/2014 12:59:36 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/27/2014 12:59:36 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/27/2014 1:01:17 PM, SYSTEM, LUCAS-PC, Protection, Refresh, Success, Protection, 12/27/2014 1:01:17 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Protection, 12/27/2014 1:01:17 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, Update, 12/27/2014 4:48:52 PM, SYSTEM, LUCAS-PC, Scheduler, Malware Database, 2014.12.27.6, 2014.12.27.7, Protection, 12/27/2014 4:48:52 PM, SYSTEM, LUCAS-PC, Protection, Refresh, Starting, Protection, 12/27/2014 4:48:52 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/27/2014 4:48:52 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/27/2014 4:50:35 PM, SYSTEM, LUCAS-PC, Protection, Refresh, Success, Protection, 12/27/2014 4:50:35 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Protection, 12/27/2014 4:50:36 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, Update, 12/27/2014 6:10:14 PM, SYSTEM, LUCAS-PC, Scheduler, Malware Database, 2014.12.27.7, 2014.12.27.8, Protection, 12/27/2014 6:10:14 PM, SYSTEM, LUCAS-PC, Protection, Refresh, Starting, Protection, 12/27/2014 6:10:14 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/27/2014 6:10:14 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/27/2014 6:10:20 PM, SYSTEM, LUCAS-PC, Protection, Refresh, Success, Protection, 12/27/2014 6:10:20 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Protection, 12/27/2014 6:10:20 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, Protection, 12/27/2014 7:29:36 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Starting, Protection, 12/27/2014 7:29:36 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Started, Protection, 12/27/2014 7:29:36 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Protection, 12/27/2014 7:29:36 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, Protection, 12/27/2014 7:48:31 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Starting, Protection, 12/27/2014 7:48:31 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Started, Protection, 12/27/2014 7:48:31 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Protection, 12/27/2014 7:48:31 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, Protection, 12/27/2014 7:52:30 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Stopping, Protection, 12/27/2014 7:52:30 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Stopped, Protection, 12/27/2014 7:52:32 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/27/2014 7:52:32 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/27/2014 8:02:01 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Starting, Protection, 12/27/2014 8:02:01 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Started, Protection, 12/27/2014 8:02:02 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Protection, 12/27/2014 8:02:02 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, Scan, 12/27/2014 8:23:19 PM, SYSTEM, LUCAS-PC, Manual, Start:12/27/2014 8:02:34 PM, Duration:18 min 16 sec, Threat Scan, Completed, 0 Malware Detections, 3 Non-Malware Detections, Protection, 12/27/2014 8:24:25 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Starting, Protection, 12/27/2014 8:24:25 PM, SYSTEM, LUCAS-PC, Protection, Malware Protection, Started, Protection, 12/27/2014 8:24:25 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Starting, Protection, 12/27/2014 8:24:30 PM, SYSTEM, LUCAS-PC, Protection, Malicious Website Protection, Started, (end) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0) Started On Wed May 14 21:58:30 2014 Engine: 1.1.10502.0 Signatures: 1.173.1305.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Wed May 14 22:00:29 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0) Started On Thu Jun 12 07:52:16 2014 Engine: 1.1.10600.0 Signatures: 1.175.1113.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 07:56:27 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0) Started On Fri Jul 11 07:32:02 2014 Engine: 1.1.10701.0 Signatures: 1.177.949.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 11 07:36:42 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0) Started On Fri Aug 15 07:52:47 2014 Engine: 1.1.10802.0 Signatures: 1.179.1796.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 15 07:57:54 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0) Started On Fri Sep 12 07:44:55 2014 Engine: 1.1.10904.0 Signatures: 1.183.882.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 12 07:51:40 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0) Started On Tue Oct 14 21:55:00 2014 Engine: 1.1.11005.0 Signatures: 1.185.2035.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 14 22:02:25 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0) Started On Thu Nov 13 16:36:56 2014 Engine: 1.1.11104.0 Signatures: 1.187.1116.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 16:41:05 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0) Started On Thu Dec 11 14:19:32 2014 Engine: 1.1.11202.0 Signatures: 1.189.872.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 11 14:23:26 2014 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0) Started On Sat Dec 27 20:34:37 2014 Engine: 1.1.11202.0 Signatures: 1.189.872.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sat Dec 27 20:37:46 2014 Return code: 0 (0x0) A few things: 1. When I attempted to uninstall PursuePoint, it said that there was an error and that it had may have already been uninstalled, so I simply removed it from the programs list. 2. There were two icons for the PerforMax Cleaner. With one, an alert from Windows notified me that there was some .msi file that was from an unknown publisher (it was in the OneIT folder, which is where the rogue seems to have had its program files) that needed to be run as part of the installation. I clicked OK. 3. For the second icon, the installer actually seemed to be part of the PerforMax software. I went ahead with it, and it seems to be gone. 4. A hamachi.exe file (obviously not real Hamachi) still exists on the desktop. Can I just delete that? 5. Another program called "Unchecky" still exists on the computer. From what I understand, Unchecky is a legitimate program, but I don't know if this is. What should I do with that? Other than that, everything seems to be fine - redirects have stopped, and there have been no popups from the rogue (or any sign that it still exists). Thanks for the help, and happy new year, Kevin!
  9. Earlier today I was trying to install Hamachi on this computer and stupidly used an ad link on Google thinking it was the top result. Thus, I have the PerforMAX rogue and Vosteran browser redirect. A full scan on Malwarebytes and most of a full scan of MSE (I stopped it so I could run Farbar, and I'll run it again after this post) did not fix the problem. Here are the logs: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014 Ran by Lucas (administrator) on LUCAS-PC on 27-12-2014 16:56:14 Running from C:\Users\Lucas\Desktop Loaded Profile: Lucas (Available profiles: Lucas) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe () C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ASUS) C:\Windows\AsScrPro.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor) HKLM\...\Run: [setwallpaper] => c:\programdata\SetWallpaper.cmd HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme) HKLM-x32\...\Run: [sonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS) HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) HKLM-x32\...\Run: [PerforMax Cleaner] => C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe [1589760 2014-12-05] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-524691610-2607265322-4011940379-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30528608 2014-11-27] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-524691610-2607265322-4011940379-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-524691610-2607265322-4011940379-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-524691610-2607265322-4011940379-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\S-1-5-21-524691610-2607265322-4011940379-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= SearchScopes: HKU\S-1-5-21-524691610-2607265322-4011940379-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKU\S-1-5-21-524691610-2607265322-4011940379-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default FF DefaultSearchEngine: Google FF SelectedSearchEngine: Vosteran FF Homepage: hxxp://Vosteran.com/?f=1&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Plugin HKU\S-1-5-21-524691610-2607265322-4011940379-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF user.js: detected! => C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\user.js FF Extension: Settings Manager - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E} [2014-04-17] FF Extension: Flashblock - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-15] FF Extension: WOT - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28] FF Extension: Adblock Plus - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-16] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10] Chrome: ======= CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir= CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ir_14_52_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DyC0AyD0E0B0D0DtN0D0Tzu0StCtDzytCtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzzyByEtByCzytDtGyC0DyDyCtGtC0C0C0AtGyC0C0D0BtGtC0CyCyCtA0BtCyC0AtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBtDtBtAtD0FtAtGyCzztDtDtGyEtDzyyCtG0AtDyB0FtGyC0EyEyC0AyDtC0DtD0F0C0F2Q&cr=1961717218&ir=" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19] CHR Extension: (Google Wallet) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-27] (RaMMicHaeL) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-05] (Windows ® Win 7 DDK provider) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 16:56 - 2014-12-27 16:57 - 00023205 _____ () C:\Users\Lucas\Desktop\FRST.txt 2014-12-27 16:56 - 2014-12-27 16:56 - 00000000 ____D () C:\FRST 2014-12-27 16:55 - 2014-12-27 16:55 - 02122752 _____ (Farbar) C:\Users\Lucas\Desktop\FRST64.exe 2014-12-27 11:25 - 2014-12-27 16:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-27 11:25 - 2014-12-27 11:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-27 11:25 - 2014-12-27 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-27 11:25 - 2014-12-27 11:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-27 11:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-27 11:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-27 11:20 - 2014-12-27 11:20 - 00004014 _____ () C:\Windows\System32\Tasks\LaunchSignup 2014-12-27 11:20 - 2014-12-27 11:20 - 00002407 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerforMax Cleaner.lnk 2014-12-27 11:20 - 2014-12-27 11:20 - 00002401 _____ () C:\Users\Public\Desktop\PerforMax Cleaner.lnk 2014-12-27 11:20 - 2014-12-27 11:20 - 00001971 _____ () C:\Users\Lucas\Desktop\Sync Folder.lnk 2014-12-27 11:19 - 2014-12-27 11:20 - 00000000 ____D () C:\Program Files (x86)\PerforMax Cleaner 2014-12-27 11:17 - 2014-12-27 11:17 - 08536064 _____ () C:\Users\Lucas\Downloads\hamachi.msi 2014-12-27 11:17 - 2014-12-27 11:17 - 00731984 _____ ( ) C:\Users\Lucas\Desktop\hamachi.exe 2014-12-27 11:17 - 2014-12-27 11:17 - 00001021 _____ () C:\Users\Public\Desktop\Unchecky.lnk 2014-12-27 11:17 - 2014-12-27 11:17 - 00000000 ____D () C:\ProgramData\Unchecky 2014-12-27 11:17 - 2014-12-27 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky 2014-12-27 11:17 - 2014-12-27 11:17 - 00000000 ____D () C:\Program Files (x86)\Unchecky 2014-12-17 18:55 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-17 18:55 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-14 20:10 - 2014-12-14 20:10 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-11 14:17 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 14:17 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 19:11 - 2014-12-10 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-09 18:35 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-09 18:35 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-09 18:35 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-09 18:35 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-09 18:35 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-09 18:35 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-09 18:35 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-09 18:35 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-09 18:35 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-09 18:35 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-09 18:35 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-09 18:35 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-09 18:35 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-09 18:35 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-09 18:35 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-09 18:35 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-09 18:35 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-09 18:35 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-09 18:35 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-09 18:35 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-09 18:35 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-09 18:35 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-09 18:35 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-09 18:35 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-09 18:35 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-09 18:35 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-09 18:35 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-09 18:35 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-09 18:35 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-09 18:35 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-09 18:35 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-09 18:35 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-09 18:35 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-09 18:35 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-09 18:35 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-09 18:35 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-09 18:35 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-09 18:35 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-09 18:35 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-09 18:35 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-09 18:35 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-09 18:35 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-09 18:35 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-09 18:35 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-09 18:35 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-09 18:35 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-09 18:35 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-09 18:35 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-09 18:35 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-09 18:35 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-09 18:35 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-09 18:35 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-09 18:35 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-09 18:35 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-09 18:35 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-09 18:35 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-09 18:35 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-09 18:35 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-09 18:35 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-09 18:35 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-09 18:35 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-09 18:35 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-09 18:35 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-09 18:35 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-09 18:35 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-09 18:34 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-09 18:34 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-09 18:34 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-09 18:34 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-09 18:34 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-09 18:34 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-09 18:34 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-09 18:34 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-09 18:34 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-09 18:34 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-09 18:34 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-09 18:34 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-09 18:34 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-09 18:34 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-06 17:55 - 2014-12-06 17:55 - 00001315 _____ () C:\Users\Public\Desktop\Plants vs. Zombies.lnk 2014-12-06 17:55 - 2014-12-06 17:55 - 00000202 _____ () C:\Users\Public\Desktop\Play More Great Games!.url 2014-12-06 17:55 - 2014-12-06 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games 2014-12-06 17:55 - 2014-12-06 17:55 - 00000000 ____D () C:\Program Files (x86)\PopCap Games 2014-12-01 21:33 - 2014-12-03 21:00 - 01143724 _____ () C:\Users\Lucas\Desktop\Fission and Fusion v.2.pptx 2014-11-27 14:40 - 2014-11-27 14:40 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Risk_of_Rain ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 16:50 - 2014-05-26 18:48 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Skype 2014-12-27 16:48 - 2012-09-02 18:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-27 16:48 - 2011-08-28 22:00 - 01296819 _____ () C:\Windows\WindowsUpdate.log 2014-12-27 11:57 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-27 11:57 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-27 11:55 - 2009-07-14 00:13 - 00798844 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-27 11:51 - 2011-08-28 22:12 - 00002176 _____ () C:\Windows\system32\AutoRunFilter.ini 2014-12-27 11:51 - 2011-08-28 22:12 - 00001230 _____ () C:\Windows\system32\ServiceFilter.ini 2014-12-27 11:50 - 2012-09-10 21:46 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe 2014-12-27 11:49 - 2014-06-04 15:34 - 00395228 _____ () C:\Windows\PFRO.log 2014-12-27 11:49 - 2014-05-15 06:24 - 00015770 _____ () C:\Windows\setupact.log 2014-12-27 11:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-27 11:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding 2014-12-27 11:25 - 2014-02-15 19:24 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Malwarebytes 2014-12-27 11:25 - 2014-02-15 19:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-27 11:25 - 2014-02-15 19:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-12-27 11:25 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini 2014-12-27 11:19 - 2014-11-10 22:41 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-27 09:30 - 2013-01-10 16:35 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-12-27 08:34 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-12-27 08:33 - 2012-08-27 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-26 16:24 - 2012-09-08 11:35 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\.minecraft 2014-12-26 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-26 08:33 - 2013-10-22 18:10 - 00000000 ____D () C:\ProgramData\Norton 2014-12-16 18:21 - 2012-09-01 14:37 - 00000000 ____D () C:\Users\Lucas\Desktop\Homework 2014-12-15 18:39 - 2014-05-26 18:48 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-15 18:39 - 2014-05-26 18:48 - 00000000 ____D () C:\ProgramData\Skype 2014-12-14 20:10 - 2014-05-07 15:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-14 20:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-14 20:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-11 14:25 - 2012-09-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 14:23 - 2013-07-19 13:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 14:19 - 2012-09-08 11:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 19:02 - 2014-05-06 19:33 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-09 18:33 - 2012-09-02 18:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-09 18:33 - 2012-09-02 18:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-09 18:33 - 2012-09-02 18:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-06 17:55 - 2013-11-28 11:56 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-12-06 17:55 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games Some content of TEMP: ==================== C:\Users\Lucas\AppData\Local\Temp\CloudBackup4511.exe C:\Users\Lucas\AppData\Local\Temp\vcredist_x64.exe C:\Users\Lucas\AppData\Local\Temp\_is479F.exe C:\Users\Lucas\AppData\Local\Temp\_is49B1.exe C:\Users\Lucas\AppData\Local\Temp\_is74C7.exe C:\Users\Lucas\AppData\Local\Temp\_isB993.exe C:\Users\Lucas\AppData\Local\Temp\_isBD89.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-25 09:58 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014 Ran by Lucas at 2014-12-27 16:57:41 Running from C:\Users\Lucas\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft) ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS) ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.) AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Elsword version v3.1218.9.2 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v3.1218.9.2 - Kill3rCombo) ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS) File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team) Goofball Goals (HKLM-x32\...\Goofball Goals) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.) HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP) Insaniquarium (HKLM-x32\...\{E67E4B20-5A8A-41B3-9A15-088CB7A09B36}) (Version: 1.00.0000 - Valusoft) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kodu Game Lab (HKLM-x32\...\{7DE737B3-B287-4107-8D41-B10E039991CC}) (Version: 1.2.88 - Microsoft Research) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon) Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.) PerforMax Cleaner (HKLM-x32\...\{918813b3-de2f-404c-9f62-4652a8493f2c}) (Version: 1.0.0.0 - OneBit IT) PerforMax Cleaner (x32 Version: 1.0.0.0 - OneBit IT) Hidden Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.9 - Nikon) Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games) PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden PursuePoint (HKLM\...\PursuePoint) (Version: 2014.03.05.221816 - PursuePoint) <==== ATTENTION! Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.) Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - ) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.) Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.) StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL) Unity Web Player (HKU\S-1-5-21-524691610-2607265322-4011940379-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.1 - Nikon) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS) Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS) 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation) 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 14-12-2014 19:24:44 Windows Update 17-12-2014 22:28:39 Windows Update 18-12-2014 07:31:48 Windows Update 21-12-2014 18:34:18 Windows Update 25-12-2014 07:59:08 Windows Update 27-12-2014 11:17:57 PerforMax Cleaner ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-12-27 11:49 - 00001196 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com There are 5 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) Task: {146FBC1F-A23E-4511-8A03-19DB22691A8F} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS) Task: {2ABF3524-8FB3-4650-8AFD-58D6960D01CE} - System32\Tasks\{A63A8072-338C-4C1F-87ED-478D81BD3107} => C:\Program Files (x86)\StarCraft\StarCraft.exe [2009-01-09] (Blizzard Entertainment) Task: {31A3D1B1-B1ED-46C4-ACA2-B2D2C47875D4} - System32\Tasks\{B5C0BC31-AAFD-431D-92C2-67029047A4E6} => C:\Program Files (x86)\StarCraft\StarCraft.exe [2009-01-09] (Blizzard Entertainment) Task: {3217B703-7C39-4800-B8EF-BE81022531A8} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {3DA14D67-F534-4EE2-A7EB-2078F25F1F84} - System32\Tasks\{5BA5A978-DC7D-4F51-8A18-C3495BCF9497} => C:\Program Files (x86)\StarCraft\StarCraft.exe [2009-01-09] (Blizzard Entertainment) Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) Task: {4FAFD734-79D0-46B5-BCB3-698AE405EEB5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS) Task: {5624AE23-BA86-49F2-90E5-4F508C2A48A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {62C75524-DA7C-4690-9218-4A7D6DFB7144} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.) Task: {6507C230-0745-4931-9BB9-7C713EB96957} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: {6FD611A6-401C-447A-921D-846A13479D59} - System32\Tasks\{AA52EBAF-1ACD-4CC5-A0B6-98A6476E1D45} => pcalua.exe -a C:\Users\Lucas\Desktop\HijackThis.exe -d C:\Users\Lucas\Desktop Task: {A39A1932-C558-4B97-893C-A5C5DBA93E86} - System32\Tasks\{C9C62E99-2E9D-4BA3-A494-9C840D3E084C} => pcalua.exe -a C:\Users\Lucas\Downloads\BW-1161.exe -d C:\Users\Lucas\Downloads Task: {A5656DB0-2D28-4C67-976A-CE085DA215F7} - System32\Tasks\{1EB21245-6E8C-4FF5-AA0F-BE4A45555A83} => C:\Program Files (x86)\StarCraft\StarCraft.exe [2009-01-09] (Blizzard Entertainment) Task: {C3442A41-1867-4B5C-BD1E-EE9880562F4E} - \TidyNetwork Update No Task File <==== ATTENTION Task: {CB2E7E47-1290-4411-BCC9-666EDF311991} - System32\Tasks\{A5AF77C6-2BDA-452A-841A-09C193B3293C} => C:\Program Files (x86)\StarCraft\StarCraft.exe [2009-01-09] (Blizzard Entertainment) Task: {D29E6CA6-611A-4352-8FA3-6ECCCB1E2EC9} - System32\Tasks\{BE92F4E1-10E2-4847-A65D-29966F5AA3A0} => pcalua.exe -a C:\Users\Lucas\AppData\Local\Temp\{CF8E91A4-DB1B-4FEC-AA8B-D173A75F7992}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {D3546AAA-99AE-436C-B8F3-8C4CEF8E98AE} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION Task: {DF27DE07-8F60-4136-819F-3F4DBBDF3931} - System32\Tasks\{F387621D-5A89-4A5D-BB42-6881FBD4320F} => pcalua.exe -a "C:\Users\Lucas\Downloads\Reis Minimap Mod Installer.exe" -d C:\Users\Lucas\Downloads Task: {EDD823BC-295F-486A-8591-A5EA8615290C} - System32\Tasks\{4E012E54-16F1-4334-A353-48EDC9536D38} => C:\Program Files (x86)\StarCraft\StarCraft.exe [2009-01-09] (Blizzard Entertainment) Task: {F6D59D6D-79E3-4638-B1B7-A6D1F7A6D749} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {F7F18271-4F85-46E7-AA4F-A62647B1C5A5} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2011-05-08 22:27 - 2011-03-06 07:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-12-05 03:36 - 2014-12-05 03:36 - 01589760 _____ () C:\Program Files (x86)\PerforMax Cleaner\PerforMax Cleaner.exe 2011-12-06 18:21 - 2011-12-06 18:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2007-07-12 13:11 - 2007-07-12 13:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll 2014-11-09 16:47 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2009-11-02 16:20 - 2009-11-02 16:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 16:23 - 2009-11-02 16:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2014-12-10 19:11 - 2014-12-10 19:11 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ========================= Accounts: ========================== Administrator (S-1-5-21-524691610-2607265322-4011940379-500 - Administrator - Disabled) Guest (S-1-5-21-524691610-2607265322-4011940379-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-524691610-2607265322-4011940379-1002 - Limited - Enabled) Lucas (S-1-5-21-524691610-2607265322-4011940379-1000 - Administrator - Enabled) => C:\Users\Lucas ==================== Faulty Device Manager Devices ============= Name: Photosmart C4700 series Description: Photosmart C4700 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Photosmart C4700 series Description: Photosmart C4700 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/27/2014 04:49:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e70 Start Time: 01d021f527bba2dc Termination Time: 187 Application Path: C:\Windows\Explorer.EXE Report Id: 359b927d-8e12-11e4-9719-14dae9c9bd08 Error: (12/27/2014 11:51:50 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Stream product id=0x0066): Streaming Failed Error: (12/27/2014 11:51:20 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Too many failures while downloading ranges: 2 Error: (12/27/2014 08:43:57 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. Error: (12/27/2014 08:35:49 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Stream product id=0x0066): Streaming Failed Error: (12/27/2014 08:35:19 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Too many failures while downloading ranges: 2 Error: (12/27/2014 08:29:10 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Risk of Rain.exe version 1.0.0.39 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1970 Start Time: 01d021d78e0ddd09 Termination Time: 434 Application Path: C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe Report Id: Error: (12/26/2014 03:21:58 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. Error: (12/21/2014 09:40:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: javaw.exe, version: 7.0.670.1, time stamp: 0x53d27f39 Faulting module name: glass.dll, version: 0.0.0.0, time stamp: 0x53d28873 Exception code: 0xc0000005 Fault offset: 0x0000000000001046 Faulting process id: 0x56c Faulting application start time: 0xjavaw.exe0 Faulting application path: javaw.exe1 Faulting module path: javaw.exe2 Report Id: javaw.exe3 Error: (12/16/2014 07:10:32 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Microsoft Word because of this error. Program: Microsoft Word File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0 System errors: ============= Error: (12/27/2014 11:26:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The {8fb4e628-35c6-4275-89be-ce3462febcc4}Gw64 service failed to start due to the following error: %%577 Error: (12/27/2014 09:05:49 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.886.0 Update Source: %NT AUTHORITY59 Update Stage: 4.6.0305.00 Source Path: 4.6.0305.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/27/2014 08:57:24 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/27/2014 08:57:19 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (12/27/2014 08:56:49 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (12/27/2014 08:43:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.886.0 Update Source: %NT AUTHORITY59 Update Stage: 4.6.0305.00 Source Path: 4.6.0305.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/27/2014 08:31:41 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (12/27/2014 08:17:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.886.0 Update Source: %NT AUTHORITY59 Update Stage: 4.6.0305.00 Source Path: 4.6.0305.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/26/2014 04:08:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.886.0 Update Source: %NT AUTHORITY59 Update Stage: 4.6.0305.00 Source Path: 4.6.0305.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/26/2014 03:31:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.886.0 Update Source: %NT AUTHORITY59 Update Stage: 4.6.0305.00 Source Path: 4.6.0305.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Microsoft Office Sessions: ========================= Error: (12/27/2014 04:49:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567e7001d021f527bba2dc187C:\Windows\Explorer.EXE359b927d-8e12-11e4-9719-14dae9c9bd08 Error: (12/27/2014 11:51:50 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Stream product id=0x0066): Streaming Failed Error: (12/27/2014 11:51:20 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Too many failures while downloading ranges: 2 Error: (12/27/2014 08:43:57 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. Error: (12/27/2014 08:35:49 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Stream product id=0x0066): Streaming Failed Error: (12/27/2014 08:35:19 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Too many failures while downloading ranges: 2 Error: (12/27/2014 08:29:10 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Risk of Rain.exe1.0.0.39197001d021d78e0ddd09434C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe Error: (12/26/2014 03:21:58 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. Error: (12/21/2014 09:40:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: javaw.exe7.0.670.153d27f39glass.dll0.0.0.053d28873c0000005000000000000104656c01d01d6f2fe2a672C:\Program Files\Java\jre7\bin\javaw.exeC:\Program Files\Java\jre7\bin\glass.dlld7e01663-8983-11e4-a677-14dae9c9bd08 Error: (12/16/2014 07:10:32 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Microsoft Word000000000 CodeIntegrity Errors: =================================== Date: 2014-12-27 11:26:21.407 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-27 11:26:21.343 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-15 21:29:05.666 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-15 21:29:05.354 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i3-2330M CPU @ 2.20GHz Percentage of memory in use: 39% Total physical RAM: 5922.22 MB Available physical RAM: 3561.09 MB Total Pagefile: 11842.62 MB Available Pagefile: 9022.02 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:159.36 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:332.6 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: AA9693FE) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=238.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=332.7 GB) - (Type=OF Extended) ==================== End Of Log ============================
  10. I have read your closing post. Thank you so much for your help! Once again, I am very sorry about extending this for two months. Have a good one!
  11. I ended up using F-secure, as the ESET scanner was still unusable. Nothing was found, and there are no symptoms.
  12. I ran the HJT fix, but the add-on doesn't make itself available for downlad when I try to run the scanner. After I agree to the TOS, it just displays a grey box.
  13. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.05.12.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17105 Lucas :: LUCAS-PC [administrator] 5/12/2014 9:02:42 PM mbam-log-2014-05-12 (21-02-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 243156 Time elapsed: 11 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Program Files (x86)\Settings Manager\systemk (PUP.Optional.SettingsManager.A) -> Quarantined and deleted successfully. Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:08:50 PM, on 5/12/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17041) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe C:\Users\Lucas\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S O4 - HKLM\..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe O4 - Global Startup: FancyStart daemon.lnk = ? O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11305 bytes No major issues so far. HJT thought it was denied access to hosts, but I did not find any blocks in there (as per the instructions).
  14. It appears to have worked; the redirects have stopped.
  15. I haven't completed all of the steps; my brother doesn't have a Google Sync account. Would any Google/Youtube account be sufficient?
  16. ComboFix 14-04-30.01 - Lucas 05/01/2014 20:57:58.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5922.4525 [GMT -4:00] Running from: c:\users\Lucas\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2014-04-02 to 2014-05-02 ))))))))))))))))))))))))))))))) . . 2014-05-02 01:08 . 2014-05-02 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-29 01:36 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6113CB8-56D9-44B5-BDD8-A9CED623D420}\mpengine.dll 2014-04-26 16:52 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-04-20 14:35 . 2014-04-23 22:08 -------- d-----w- C:\FRST 2014-04-19 13:13 . 2014-02-20 01:04 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15CF442B-9B13-41E5-A0E9-86A2E1AF02FD}\gapaengine.dll 2014-04-17 22:02 . 2014-04-17 22:02 -------- d-----w- c:\program files (x86)\Settings Manager 2014-04-17 22:02 . 2014-04-17 22:02 -------- d-----w- c:\program files\File Association Helper 2014-04-17 10:20 . 2014-04-17 10:20 -------- d-sh--w- c:\users\Lucas\AppData\Local\EmieUserList 2014-04-17 10:20 . 2014-04-17 10:20 -------- d-sh--w- c:\users\Lucas\AppData\Local\EmieSiteList 2014-04-11 07:01 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll 2014-04-11 07:01 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2014-04-11 07:01 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll 2014-04-11 07:01 . 2014-03-06 08:57 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-04-11 07:01 . 2014-03-06 08:02 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-04-11 07:01 . 2014-03-06 08:36 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe 2014-04-11 07:01 . 2014-03-06 07:44 222720 ----a-w- c:\program files (x86)\Internet Explorer\ielowutil.exe 2014-04-11 07:01 . 2014-03-06 07:03 470016 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe 2014-04-09 21:01 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-01 20:45 . 2012-09-02 23:57 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-01 20:45 . 2012-09-02 23:57 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-26 19:11 . 2012-09-11 02:46 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe 2014-04-10 11:41 . 2012-09-08 16:33 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-11 13:52 . 2012-03-21 03:44 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-03-04 09:17 . 2014-04-09 21:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-02-20 01:04 . 2012-10-02 21:39 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-02-07 01:23 . 2014-03-13 18:15 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:32 . 2014-03-13 18:11 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:32 . 2014-03-13 18:11 624128 ----a-w- c:\windows\system32\qedit.dll 2014-02-04 02:04 . 2014-03-13 18:11 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-02-04 02:04 . 2014-03-13 18:11 509440 ----a-w- c:\windows\SysWow64\qedit.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-2 548528] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2011-8-28 12862] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys;c:\windows\SYSNATIVE\DRIVERS\HP8207_8307.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x] R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-30 02:16 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 20:45] . 2014-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36] . 2014-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36] . 2014-05-01 c:\windows\Tasks\Norton Security Scan for Lucas.job - c:\progra~2\NORTON~2\Engine\410~1.28\Nss.exe [2014-02-13 06:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2014-01-28 729272] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-10 - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va016] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-05-01 21:12:48 ComboFix-quarantined-files.txt 2014-05-02 01:12 ComboFix2.txt 2014-04-16 01:36 . Pre-Run: 180,599,369,728 bytes free Post-Run: 182,369,849,344 bytes free . - - End Of File - - 3B4192D4D784541126B73B0235B7E2D2 The redirect is still present for Chrome (my brother changed the homepage for Firefox.) Other than that, everything seems to be fine.
  17. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-04-2014 Ran by Lucas at 2014-04-23 18:08:53 Run:1 Running from C:\Users\Lucas\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...m=320&src=ds&p={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...m=320&src=ds&p={searchTerms} SearchScopes: HKCU - URL http://search.condui...6BD7DB65654D&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...on.ashx?prefix={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...m=320&src=ds&p={searchTerms} BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll No File BHO: TidyNetwork - {5AB835E1-4A43-3826-FDF5-5636839C9F15} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-s...&tm=320&src=hmp FF Extension: Linkey for Firefox - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\extension@linkeyproject.com [2014-04-17] ***************** HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key deleted successfully. "C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll" => Value Data removed successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully. HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB835E1-4A43-3826-FDF5-5636839C9F15} => Key deleted successfully. HKCR\CLSID\{5AB835E1-4A43-3826-FDF5-5636839C9F15} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\extension@linkeyproject.com => Moved successfully. ==== End of Fixlog ====
  18. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 Ran by Lucas (administrator) on LUCAS-PC on 20-04-2014 10:35:12 Running from C:\Users\Lucas\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ASUS) C:\Windows\AsScrPro.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor) HKLM\...\Run: [setwallpaper] => c:\programdata\SetWallpaper.cmd HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing) HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme) HKLM-x32\...\Run: [sonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [updateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-524691610-2607265322-4011940379-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-524691610-2607265322-4011940379-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-22] (Adobe Systems Incorporated) AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=100&itype=n&ver=12283&tm=320&src=hmp StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=12283&tm=320&src=ds&p={searchTerms} SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=12283&tm=320&src=ds&p={searchTerms} SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2C19C6B8-4F4A-4707-B89D-6BD7DB65654D&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=12283&tm=320&src=ds&p={searchTerms} BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll No File BHO: TidyNetwork - {5AB835E1-4A43-3826-FDF5-5636839C9F15} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\searchplugins\default-search.xml FF Extension: Linkey for Firefox - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\extension@linkeyproject.com [2014-04-17] FF Extension: Settings Manager - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E} [2014-04-17] FF Extension: Flashblock - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-15] FF Extension: WOT - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28] FF Extension: Adblock Plus - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-16] Chrome: ======= CHR DefaultSearchProvider: default-search.net CHR DefaultSearchURL: http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=12283&tm=320&src=ds&p={searchTerms} CHR Extension: (Google Wallet) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28] ==================== Services (Whitelisted) ================= S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-13] (Symantec Corporation) S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-05] (Windows ® Win 7 DDK provider) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-20 10:35 - 2014-04-20 10:36 - 00019170 _____ () C:\Users\Lucas\Desktop\FRST.txt 2014-04-20 10:35 - 2014-04-20 10:35 - 00000000 ____D () C:\FRST 2014-04-20 10:33 - 2014-04-20 10:34 - 02055680 _____ (Farbar) C:\Users\Lucas\Desktop\FRST64.exe 2014-04-17 18:02 - 2014-04-17 18:02 - 00000000 ____D () C:\Program Files\File Association Helper 2014-04-17 18:02 - 2014-04-17 18:02 - 00000000 ____D () C:\Program Files (x86)\Settings Manager 2014-04-17 18:01 - 2014-04-17 18:01 - 00820840 _____ ( ) C:\Users\Lucas\Downloads\winzip175-mediafire.exe 2014-04-17 06:20 - 2014-04-17 06:20 - 00000000 __SHD () C:\Users\Lucas\AppData\Local\EmieUserList 2014-04-17 06:20 - 2014-04-17 06:20 - 00000000 __SHD () C:\Users\Lucas\AppData\Local\EmieSiteList 2014-04-15 21:36 - 2014-04-15 21:36 - 00021712 _____ () C:\ComboFix.txt 2014-04-15 21:28 - 2014-04-15 21:28 - 00000219 _____ () C:\Users\Lucas\Desktop\Super Mario Boards - Index.URL 2014-04-15 19:32 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-15 19:32 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-15 19:32 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-15 19:32 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-15 19:32 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-15 19:32 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-15 19:32 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-15 19:32 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-15 19:31 - 2014-04-15 21:36 - 00000000 ____D () C:\Qoobox 2014-04-15 19:31 - 2014-04-15 21:33 - 00000000 ____D () C:\Windows\erdnt 2014-04-15 16:34 - 2014-04-15 16:34 - 00000000 ____D () C:\Users\Lucas\AppData\Local\{39B74F4D-1646-4C4B-97CA-810E1CBA9B5F} 2014-04-11 19:25 - 2014-04-11 19:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\Lucas\Downloads\UnityWebPlayer.exe 2014-04-11 03:01 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-11 03:01 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-11 03:01 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-11 03:01 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-11 03:00 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-11 03:00 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-11 03:00 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-11 03:00 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-11 03:00 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-11 03:00 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-11 03:00 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-11 03:00 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-11 03:00 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-11 03:00 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-11 03:00 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-11 03:00 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-11 03:00 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-11 03:00 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-11 03:00 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-11 03:00 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-11 03:00 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-11 03:00 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-11 03:00 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-11 03:00 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-11 03:00 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-11 03:00 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-11 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-11 03:00 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-11 03:00 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-11 03:00 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-11 03:00 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-11 03:00 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-11 03:00 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-11 03:00 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-11 03:00 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-11 03:00 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-11 03:00 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-11 03:00 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-11 03:00 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-11 03:00 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-11 03:00 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-11 03:00 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-11 03:00 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-11 03:00 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-11 03:00 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-11 03:00 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-11 03:00 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-11 03:00 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 17:01 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 17:01 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 17:01 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 17:01 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 17:01 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 17:01 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 17:01 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 17:01 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 17:01 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 17:01 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 17:01 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 17:01 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 17:01 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 17:01 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 17:01 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 17:01 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 17:01 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-08 15:08 - 2014-04-15 19:30 - 05194807 ____R (Swearware) C:\Users\Lucas\Downloads\ComboFix.exe 2014-04-01 19:26 - 2014-04-01 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-22 17:37 - 2014-04-15 16:33 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Windows Live 2014-03-22 17:36 - 2014-03-22 17:37 - 00000000 ____D () C:\Users\Lucas\AppData\Local\{AA7F4B20-D403-4462-8560-FE6118872D41} 2014-03-22 16:17 - 2014-03-22 16:17 - 00024576 ___SH () C:\Users\Lucas\Thumbs.db 2014-03-22 15:00 - 2014-03-22 15:00 - 02269709 _____ () C:\Users\Lucas\Downloads\forge-1.6.4-9.11.1.953-installer.jar ==================== One Month Modified Files and Folders ======= 2014-04-20 10:36 - 2014-04-20 10:35 - 00019170 _____ () C:\Users\Lucas\Desktop\FRST.txt 2014-04-20 10:35 - 2014-04-20 10:35 - 00000000 ____D () C:\FRST 2014-04-20 10:34 - 2014-04-20 10:33 - 02055680 _____ (Farbar) C:\Users\Lucas\Desktop\FRST64.exe 2014-04-20 10:33 - 2012-09-02 19:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-20 10:16 - 2011-08-28 23:00 - 01939170 _____ () C:\Windows\WindowsUpdate.log 2014-04-20 10:15 - 2011-04-02 00:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-19 19:15 - 2011-04-02 00:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-19 18:46 - 2013-10-22 19:10 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for Lucas.job 2014-04-19 09:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-04-19 07:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-18 07:40 - 2012-09-10 22:46 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe 2014-04-18 07:29 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-18 07:29 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-18 07:22 - 2013-01-10 17:35 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-18 07:22 - 2012-08-27 20:28 - 00000000 ___HD () C:\ASUS.DAT 2014-04-18 07:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-18 07:21 - 2009-07-14 00:51 - 00078880 _____ () C:\Windows\setupact.log 2014-04-17 22:53 - 2011-04-02 00:17 - 00564568 _____ () C:\Windows\PFRO.log 2014-04-17 22:24 - 2011-08-28 23:12 - 00002106 _____ () C:\Windows\system32\AutoRunFilter.ini 2014-04-17 18:02 - 2014-04-17 18:02 - 00000000 ____D () C:\Program Files\File Association Helper 2014-04-17 18:02 - 2014-04-17 18:02 - 00000000 ____D () C:\Program Files (x86)\Settings Manager 2014-04-17 18:01 - 2014-04-17 18:01 - 00820840 _____ ( ) C:\Users\Lucas\Downloads\winzip175-mediafire.exe 2014-04-17 06:20 - 2014-04-17 06:20 - 00000000 __SHD () C:\Users\Lucas\AppData\Local\EmieUserList 2014-04-17 06:20 - 2014-04-17 06:20 - 00000000 __SHD () C:\Users\Lucas\AppData\Local\EmieSiteList 2014-04-15 21:36 - 2014-04-15 21:36 - 00021712 _____ () C:\ComboFix.txt 2014-04-15 21:36 - 2014-04-15 19:31 - 00000000 ____D () C:\Qoobox 2014-04-15 21:36 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default 2014-04-15 21:33 - 2014-04-15 19:31 - 00000000 ____D () C:\Windows\erdnt 2014-04-15 21:31 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-15 21:28 - 2014-04-15 21:28 - 00000219 _____ () C:\Users\Lucas\Desktop\Super Mario Boards - Index.URL 2014-04-15 19:30 - 2014-04-08 15:08 - 05194807 ____R (Swearware) C:\Users\Lucas\Downloads\ComboFix.exe 2014-04-15 16:34 - 2014-04-15 16:34 - 00000000 ____D () C:\Users\Lucas\AppData\Local\{39B74F4D-1646-4C4B-97CA-810E1CBA9B5F} 2014-04-15 16:33 - 2014-03-22 17:37 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Windows Live 2014-04-11 20:35 - 2012-09-08 12:35 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\.minecraft 2014-04-11 19:25 - 2014-04-11 19:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\Lucas\Downloads\UnityWebPlayer.exe 2014-04-11 03:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-10 07:56 - 2009-07-14 01:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-10 07:45 - 2012-09-03 14:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 07:44 - 2013-07-19 14:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 07:41 - 2012-09-08 12:33 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 21:15 - 2013-09-28 14:32 - 00000000 ____D () C:\Users\Lucas\Desktop\EVERYTHING 2014-04-03 16:35 - 2012-08-27 17:50 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-04-03 16:34 - 2012-08-27 17:50 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-03 16:34 - 2012-08-27 17:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-03 16:34 - 2009-07-14 01:13 - 00798780 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-03 16:29 - 2012-08-27 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-01 19:27 - 2014-04-01 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-31 19:10 - 2011-04-02 00:36 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-31 19:10 - 2011-04-02 00:36 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-22 17:37 - 2014-03-22 17:36 - 00000000 ____D () C:\Users\Lucas\AppData\Local\{AA7F4B20-D403-4462-8560-FE6118872D41} 2014-03-22 16:17 - 2014-03-22 16:17 - 00024576 ___SH () C:\Users\Lucas\Thumbs.db 2014-03-22 16:17 - 2012-08-27 20:28 - 00000000 ____D () C:\Users\Lucas 2014-03-22 15:02 - 2014-01-20 11:44 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Adobe 2014-03-22 15:02 - 2012-09-02 19:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-22 15:02 - 2012-09-02 19:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-22 15:02 - 2012-09-02 19:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-22 15:00 - 2014-03-22 15:00 - 02269709 _____ () C:\Users\Lucas\Downloads\forge-1.6.4-9.11.1.953-installer.jar Files to move or delete: ==================== C:\ProgramData\PKP_DLeo.DAT C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\Lucas\AppData\Local\Temp\ICReinstall_winzip175-mediafire.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-19 09:07 ==================== End Of Log ============================ Addition.txt
  19. Before I run the scans, I think I should point out that my brother just got another bit of adware on his computer, one that redirects to default-search.net MSE didn't find anything, and here's the log from MBAM: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.18.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17041 Lucas :: LUCAS-PC [administrator] 4/17/2014 10:31:00 PM mbam-log-2014-04-17 (22-31-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 235665 Time elapsed: 11 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 1 C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (PUP.Optional.SettingsManager.A) -> Delete on reboot. Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 2 C:\Program Files (x86)\Settings Manager\systemk (PUP.Optional.SettingsManager.A) -> Delete on reboot. C:\Program Files (x86)\Settings Manager\systemk\x64 (PUP.Optional.SettingsManager.A) -> Delete on reboot. Files Detected: 2 C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (PUP.Optional.SettingsManager.A) -> Delete on reboot. C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (PUP.Optional.SettingsManager.A) -> Delete on reboot. (end)
  20. Again, I'm very, very sorry for the wait. I'll make sure it doesn't happen again. My apologies for this out. ComboFix 14-04-12.01 - Lucas 04/15/2014 19:35:50.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5922.4464 [GMT -4:00] Running from: c:\users\Lucas\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{07C20F8E-9676-433E-B3EC-E8853DC729FF}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1ADE91E7-35FD-4AD1-B835-0312E2F86CC3}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2BE8F50D-FFF6-4300-8B8A-EC9D35937D1B}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{32680394-EAE6-42C0-8B37-5C1F82F16475}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3D07C742-4436-48FF-9D57-FB3A52691B33}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{41E4362C-21B9-40C1-93AF-9102BBE71775}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{48B272A7-4BAD-4896-B092-D0831408112A}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6A6166C7-13AD-42B1-97DF-A81D67931BD3}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{84EF7F24-6C9B-4230-88EF-F43758629731}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABC2FDA6-09D7-4AB1-8D21-73C91F7ECE8A}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B47E4D1C-50A1-4B39-9373-0C90BC7FBF55}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BF122C44-8B67-43D4-BA36-3060879144D0}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C35DA063-3588-48D3-9FB4-343F0288F24B}.xps c:\users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C94480F8-19F4-40C3-B0F2-B5ACA13284D2}.xps c:\users\Lucas\Documents\~WRL3669.tmp . . ((((((((((((((((((((((((( Files Created from 2014-03-16 to 2014-04-16 ))))))))))))))))))))))))))))))) . . 2014-04-16 01:30 . 2014-04-16 01:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-16 01:06 . 2014-04-01 01:15 10651696 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5F15611-7648-4465-9AE7-8F85A85B0F73}\mpengine.dll 2014-04-14 23:15 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-04-11 07:01 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll 2014-04-11 07:01 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2014-04-11 07:01 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll 2014-04-11 07:01 . 2014-03-06 08:57 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-04-11 07:01 . 2014-03-06 08:02 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-04-11 07:01 . 2014-03-06 08:36 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe 2014-04-11 07:01 . 2014-03-06 07:44 222720 ----a-w- c:\program files (x86)\Internet Explorer\ielowutil.exe 2014-04-11 07:01 . 2014-03-06 07:03 470016 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe 2014-04-09 21:01 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys 2014-04-03 23:40 . 2014-02-20 01:04 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F48D764C-9DA1-4A8F-A327-B454DDBDA75A}\gapaengine.dll 2014-03-22 21:37 . 2014-04-15 20:33 -------- d-----w- c:\users\Lucas\AppData\Local\Windows Live . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-10 11:41 . 2012-09-08 16:33 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-04-08 19:37 . 2012-09-11 02:46 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe 2014-03-22 19:02 . 2012-09-02 23:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-22 19:02 . 2012-09-02 23:57 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-11 13:52 . 2012-03-21 03:44 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-03-04 09:17 . 2014-04-09 21:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-02-20 01:04 . 2012-10-02 21:39 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-02-07 01:23 . 2014-03-13 18:15 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:32 . 2014-03-13 18:11 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:32 . 2014-03-13 18:11 624128 ----a-w- c:\windows\system32\qedit.dll 2014-02-04 02:04 . 2014-03-13 18:11 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-02-04 02:04 . 2014-03-13 18:11 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-01-29 02:32 . 2014-03-13 18:15 484864 ----a-w- c:\windows\system32\wer.dll 2014-01-29 02:06 . 2014-03-13 18:15 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-01-28 02:32 . 2014-03-13 18:15 228864 ----a-w- c:\windows\system32\wwansvc.dll 2014-01-25 05:19 . 2014-01-25 05:19 268512 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2014-01-19 07:33 . 2012-08-27 21:53 270496 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-2 548528] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2011-8-28 12862] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys;c:\windows\SYSNATIVE\DRIVERS\HP8207_8307.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x] R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-09 20:42 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 19:02] . 2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36] . 2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36] . 2014-04-12 c:\windows\Tasks\Norton Security Scan for Lucas.job - c:\progra~2\NORTON~2\Engine\410~1.28\Nss.exe [2014-02-13 06:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\ FF - prefs.js: browser.search.selectedEngine - Google . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{5AB835E1-4A43-3826-FDF5-5636839C9F15} - c:\program files (x86)\TidyNetwork\petn64.dll Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va016] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-04-15 21:36:48 ComboFix-quarantined-files.txt 2014-04-16 01:36 . Pre-Run: 180,621,262,848 bytes free Post-Run: 181,666,492,416 bytes free . - - End Of File - - 786F702BEB7C016130B2A14E3203727E So far there are no indicators of a continued infections as far as I've observed. Thanks once again.
  21. I'll have it by tomorrow, definitely. I'm really terribly sorry about how long this has been taking.
  22. Hey, sorry about the late response. I'll be able to get on the computer soon, and I'll get to you when I can. Thanks
  23. Haven't seen you here before ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Home Premium x64 Ran by Lucas on Thu 03/13/2014 at 18:36:35.26 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3EF0E6B0-0DA1-4CB4-975C-10FD3F6536E3} Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}" ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{0293A61C-2017-4B54-91C5-90A682A24994} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{02C48749-2F3A-4572-B2C2-E7F2EC5CB007} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{04EB1E06-E6D8-4E71-8D0B-E78A2FC1C4EF} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{06853AE0-2701-4614-93C2-B3BA13DB7AF1} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{1EDEB6BD-23EB-4F0D-B264-BE5ADB2A76C8} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{2BA3D17B-3598-4BF7-82AF-02B1FD41CD30} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{330E09E1-978F-4AF9-B31C-C3242899C1F7} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{35CBFE1B-25CB-474D-B427-6EDFFB0C82CA} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{3DB51FCF-CFD7-4501-B4C7-380B595E60C6} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{3DC8344D-BBA1-40EC-9536-A60748F3E23B} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{4EC86299-6AB2-4BEA-93A1-1A092C05ECF9} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{54583C9E-45F5-4668-8FE7-707FC6A21A69} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{57958D80-032B-4838-8FA1-C469EDED2CC7} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{5C9BB924-93B3-477D-AF5E-94295154C424} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{66933081-A66E-428B-AB7E-F0973625F50E} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{6774874F-EC6D-4853-AECB-47107A8EBFBF} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{6A605025-3623-4505-9158-AB67AEAE517D} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{6BA2BC79-7870-46EB-BD37-417FE8E04D0B} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{84A2BE64-489E-4992-BE41-303412FD65D2} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{8707A224-ADD0-486A-A15B-9A4A9E6776A0} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{8F49CB79-3766-4441-9006-BD8A8523F03B} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{A475E013-7EA8-4FE3-90A5-22E17C1075A6} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{AC04475D-CE1C-4BDB-909B-897DEC3C1A81} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{B02645B2-968C-495A-BCF6-68A84EE8091F} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{B7528A70-5BFE-4F7F-9013-F460D0557D70} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{BA1ACE1E-9880-49FB-B931-E26EB31C1BF7} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{D2ED117D-F631-48D7-9CC1-1BF5FF94CAF0} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{EA50EE8E-4F81-429F-9E01-18EA3D8837E9} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{EC0399C8-5862-4750-835F-00F562E666F1} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{F5977A3D-B5F5-416A-8B43-CE43336EF5DA} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{F7449E47-5E95-4FD3-A477-BEB8B855E56A} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{F81B767F-BD89-49CC-B6ED-D892D4585142} Successfully deleted: [Empty Folder] C:\Users\Lucas\appdata\local\{F9FAF168-4F7F-40FB-B5DC-461B115755CD} ~~~ FireFox Emptied folder: C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\6zd0no7f.default\minidumps [349 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 03/13/2014 at 18:54:30.52 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.022 - Report created 13/03/2014 at 18:29:50 # Updated 13/03/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Lucas - LUCAS-PC # Running from : C:\Users\Lucas\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : 70e6ca8c ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2 Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Program Files (x86)\Optimizer Pro Folder Deleted : C:\Program Files (x86)\TidyNetwork Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} Folder Deleted : C:\Users\Lucas\AppData\Local\apn Folder Deleted : C:\Users\Lucas\AppData\Local\SearchProtect Folder Deleted : C:\Users\Lucas\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Lucas\AppData\Roaming\Optimizer Pro Folder Deleted : C:\Users\Lucas\Documents\Optimizer Pro File Deleted : C:\END File Deleted : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\searchplugins\Askcom.xml File Deleted : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\searchplugins\conduit-search.xml File Deleted : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\user.js File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\prefs.js ] Line Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Line Deleted : user_pref("browser.search.order.1", "Ask.com"); Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); -\\ Google Chrome v33.0.1750.146 [ File : C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : icon_url ************************* AdwCleaner[R0].txt - [7101 octets] - [13/03/2014 18:28:11] AdwCleaner[s0].txt - [6471 octets] - [13/03/2014 18:29:50] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6531 octets] ########## There was an add-on that we removed before the scans that got rid of the ads, but we still had the redirect until the scan was run.
  24. Hey, My brother was downloading GIMP onto his computer, and there appears to be some sort of browser hijack in it - new tabs in Firefox go to conduit.com, and random words are blue and double-underlined, and display a GIMP advertisement when hovered over with the mouse. MSE didn't find anything; Malwarebytes did, but it was unable to remove whatever's causing this mess. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.45.2 Run by Lucas at 21:48:53 on 2014-03-06 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5922.3776 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\FBAgent.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\SysWOW64\ACEngSvr.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll mWinlogon: Userinit = userinit.exe, BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{5213283F-3399-4EB1-9F8E-A30D7440A822} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{5213283F-3399-4EB1-9F8E-A30D7440A822}\2375942554139383 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{5213283F-3399-4EB1-9F8E-A30D7440A822}\3516E6962656C6021427D63702E45677 : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{5213283F-3399-4EB1-9F8E-A30D7440A822}\762743 : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~2\optimi~1\optpro~1.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll x64-BHO: TidyNetwork: {5AB835E1-4A43-3826-FDF5-5636839C9F15} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 x64-Run: [setwallpaper] c:\programdata\SetWallpaper.cmd x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\6zd0no7f.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll FF - plugin: C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll . ---- FIREFOX POLICIES ---- . user_pref(extensions.autoDisableScopes,14); ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024] R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-13 45568] R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-8-28 379520] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-15 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-15 701512] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-28 2656280] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-5-8 138024] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-8 317440] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-5-8 76912] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-15 25928] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-8-28 1103976] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-1 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-5 15360] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-29 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2014-03-07 02:42:47 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C2BEE99-E9C2-4C2D-AC58-FCD23DADF793}\offreg.dll 2014-03-07 00:29:19 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Optimizer Pro 2014-03-07 00:27:26 -------- d-----w- C:\Users\Lucas\.gimp-2.6 2014-03-07 00:25:26 -------- d-----w- C:\Program Files (x86)\GIMP-2.0 2014-03-07 00:23:36 -------- d-----w- C:\Program Files (x86)\Optimizer Pro 2014-03-07 00:22:31 -------- d-----w- C:\Program Files (x86)\TidyNetwork 2014-03-07 00:20:03 -------- d-----w- C:\Users\Lucas\AppData\Local\SearchProtect 2014-03-06 21:32:56 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9941A86-AE83-422F-B55D-84D292F39969}\gapaengine.dll 2014-03-06 21:32:15 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C2BEE99-E9C2-4C2D-AC58-FCD23DADF793}\mpengine.dll 2014-03-05 01:09:15 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-02-26 00:49:17 -------- d-----w- C:\Windows\Migration 2014-02-16 00:24:03 -------- d-----w- C:\Users\Lucas\AppData\Roaming\Malwarebytes 2014-02-16 00:23:50 -------- d-----w- C:\ProgramData\Malwarebytes 2014-02-16 00:23:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-02-16 00:23:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-16 00:23:23 -------- d-----w- C:\Users\Lucas\AppData\Local\Programs 2014-02-13 22:29:29 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0401000.01C 2014-02-13 22:29:29 -------- d-----w- C:\Windows\System32\drivers\NSSx64 2014-02-13 22:29:29 -------- d-----w- C:\Program Files (x86)\Norton Security Scan 2014-02-13 00:02:47 548864 ----a-w- C:\Windows\System32\vbscript.dll 2014-02-13 00:02:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-02-13 00:00:50 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-02-13 00:00:48 5768704 ----a-w- C:\Windows\System32\jscript9.dll 2014-02-11 23:48:07 1882112 ----a-w- C:\Windows\System32\msxml3.dll 2014-02-11 23:48:07 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll 2014-02-11 23:48:06 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2014-02-11 23:48:06 2048 ----a-w- C:\Windows\System32\msxml3r.dll . ==================== Find3M ==================== . 2014-03-07 02:41:20 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe 2014-02-21 00:39:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-21 00:39:39 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll 2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe 2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll . ============= FINISH: 21:49:44.88 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 8/27/2012 8:28:47 PM System Uptime: 3/6/2014 9:40:33 PM (0 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K53E Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU 1 | 792/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 238 GiB total, 167.464 GiB free. D: is FIXED (NTFS) - 333 GiB total, 332.602 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Photosmart C4700 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Photosmart C4700 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart C4700 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart C4700 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . RP196: 2/22/2014 8:24:06 PM - Windows Update RP197: 2/25/2014 7:46:49 PM - Windows Update RP198: 2/26/2014 7:05:07 AM - Windows Update RP199: 3/1/2014 4:44:24 PM - Windows Update RP200: 3/4/2014 7:05:05 PM - Windows Update . ==== Installed Programs ====================== . ??????? Windows Live Mesh ActiveX ??(????) ??????? Windows Live Mesh ActiveX ??? 64 Bit HP CIO Components Installer Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Shockwave Player 12.0 Alcor Micro USB Card Reader ArcSoft Panorama Maker 6 Ask Toolbar Ask Toolbar Updater ASUS AI Recovery ASUS FancyStart ASUS Live Update ASUS Power4Gear Hybrid ASUS Splendid Video Enhancement Technology ASUS Virtual Camera ASUS WebStorage AsusScr_K3 Series_ENG AsusVibe2.0 ATK Package Bing Bar Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Controlo ActiveX do Windows Live Mesh para Ligações Remotas CyberLink LabelPrint CyberLink Power2Go D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Elsword version v3.1218.9.2 ETDWare PS/2-X64 8.0.5.1_WHQL Fast Boot Galeria de Fotografias do Windows Live Galerie de photos Windows Live Galería fotográfica de Windows Live GIMP 2.6.10 Google Chrome Google Toolbar for Internet Explorer Google Update Helper HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6 Insaniquarium Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Java 7 Update 45 Java Auto Updater Junk Mail filter update Kodu Game Lab Malwarebytes Anti-Malware version 1.75.0.1300 McAfee Security Scan Plus Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Mozilla Firefox 27.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Network64 Nikon Message Center 2 Nikon Movie Editor Norton Security Scan Nuance PDF Reader Optimizer Pro v3.2 Picture Control Utility x64 PS_AIO_06_C4700_SW_Min PursuePoint Realtek High Definition Audio Driver REALTEK Wireless LAN Driver Scan Scribblenauts Unlimited Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Sonic Focus StarCraft Steam swMSM syncables desktop SE Toolbox Unity Web Player Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition ViewNX 2 Windows Live Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinFlash Wireless Console 3 . ==== Event Viewer Messages From Past Week ======== . 3/2/2014 10:58:54 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BRITTWINS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5213283F-3399-4EB1-9F8E-A30D7440A822}. The master browser is stopping or an election is being forced. . ==== End Of File =========================== Thanks once again for taking the time to assist me with this.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.