Attempting to remove istart123 virus but Malwarebytes AntiMalware will not open


ncj

Hello,

I contracted the istart123 browser hijacker virus from the fake Java plugin update. Malwarebytes AntiMalware will not open. I researched using this forum and it seems like each case is unique.

Attached are logs of the Farbar Recovery Scan Tool, Rkill 2.6.8, and RogueKiller V9.2.8.0

Any feedback and directions are appreciated. Thank you!

 

-Nick

FRST.txt

Addition.txt

Rkill.txt

RKreport_SCN_08172014_214816.log

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites

Thank you for the reply. I followed directions. The scan ran successfully; however, I encountered two error messages while running the scan.

C:\Windows\system32\config\system:The process cannot access the file because it is being used by another process

C:\Users\Nick\ntuser.dat:The process cannot access the file because it is being used by another process

Here are the results of the scan:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-18 21:36:45
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003b WDC_WD3200BPVT-80JJ5T0 rev.01.01A01 298.09GB
Running: eybbxd6f.exe; Driver: C:\Users\Nick\AppData\Local\Temp\fxloqpoc.sys


---- Devices - GMER 2.1 ----

Device  \Driver\NAVENG \Device\NAVENG                                                                                               fffff8801b072bb4
Device  \Driver\NAVEX15 \Device\NAVEX15                                                                                             fffff8801aea651c
Device  \FileSystem\SRTSP \Device\SRTSP                                                                                             fffff8801ace0e70

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [756:764]                                                                                     fffff9600089d5e8
Thread  C:\Windows\System32\svchost.exe [2224:3140]                                                                                 000007fc74091544
Thread  C:\Windows\System32\svchost.exe [2224:3176]                                                                                 000007fc740555dc
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3728:2152]  000007fc761077b0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
 

Link to post
Share on other sites

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.

Link to post
Share on other sites

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs:

Idle~Crawler
Supporter 1.80
istart123 uninstall

Close the window.

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt

Link to post
Share on other sites

Hi,

I was only able to uninstall Idle~Crawler.

When I attempted to uninstall Supporter 1.80 I received an error message that says:

There was a problem starting C:\PROGRA~2\SUPPOR~1\SUPPOR~1.DLL

The specified module could not be found.

I attached a screenshot of the error message.

When I attempted to uninstall istart123 uninstall it opens its own uninstall window that will say "Uninstaller is preparing necessary data" with a "Waiting" load bar that never completes. I waited over an hour with the "Waiting". This happened when I previously tried uninstalling istart123 prior to my first post. I attached a screenshot of the window. It looks like a fake uninstall app that is a part of the virus to me.

I still cannot open Malwarebytes Antimalware.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Nick at 2014-08-20 22:19:40 Run:1
Running from C:\Users\Nick\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istart123.com/?type=sc&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
BHO-x32: Fralimbo -> {5dbf8f55-71ed-4e0e-8e34-7a5ef1183176} -> C:\Program Files (x86)\Fralimbo\Fralimbobho.dll No File
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: istart123
FF Extension: Fast Start - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default\Extensions\faststartff@gmail.com [2014-08-14]
FF Extension: cosstminn - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default\Extensions\wojxhzve@sicypwnp.edu [2014-08-14]
CHR HomePage: hxxp://www.istart123.com/?type=hp&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639
CHR StartupUrls: "hxxp://www.istart123.com/?type=hp&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639"
CHR DefaultSearchKeyword: istart123
CHR DefaultSearchProvider: istart123
CHR DefaultSearchURL: http://www.istart123.com/web/?type=ds&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639&q={searchTerms}
CHR Extension: (cosstminn) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbgehbnkcapfhinmdelogofilhlommd [2014-08-14]
CHR Extension: (Coupon Matcher) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbeaeacnffjpnodemllopecegchjefhb [2013-11-10]
CHR Extension: (cosstminn) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbgehbnkcapfhinmdelogofilhlommd\2.0 [2014-08-14]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-08-14]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istart123.com/?type=sc&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {E44CE848-2EBE-45F4-A56C-818419AC4744} - \Idle~Crawler Runner No Task File <==== ATTENTION
Task: {E2CC72D1-715D-4573-8F10-5ABA8C069264} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~Crawler Update => %LOCALAPPDATA%\Idle~Crawler\Idle~Crawler.exe
Task: {E44CE848-2EBE-45F4-A56C-818419AC4744} - \Idle~Crawler Runner No Task File <==== ATTENTION
Task: {3A5A0AC1-C318-4415-AA5E-FCD345613F87} - System32\Tasks\6da78b41-e5af-4b61-baff-7e889a0bb2b7-5 => C:\Program Files (x86)\CinemaBig-1.1\6da78b41-e5af-4b61-baff-7e889a0bb2b7-5.exe

S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

C:\Program Files (x86)\Fralimbo
C:\ProgramData\SetStretch.exe
%LOCALAPPDATA%\Idle~Crawler
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\CinemaBig-1.1
2014-08-14 21:56 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Nick\AppData\Local\Idle~Crawler
2014-08-14 21:55 - 2014-08-14 21:55 - 00003906 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-14 21:55 - 2014-08-14 21:55 - 00003670 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Nick\AppData\Local\Torch
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Nick\AppData\Local\globalUpdate
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Nick\AppData\Local\Comodo
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Nick\AppData\Local\Chromatic Browser
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Guest
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Administrator
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\ProgramData\f7643d545d73d6ec
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\ProgramData\cosstminn
2014-08-14 21:54 - 2014-08-14 21:54 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-14 22:25 - 2014-08-14 21:55 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-14 22:25 - 2014-08-14 21:55 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-08-14 22:23 - 2014-08-14 21:54 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-08-14 23:07 - 2014-08-14 23:07 - 00003132 _____ () C:\Windows\System32\Tasks\{4B32D006-02A1-4293-A1DB-AC1A143E4222}
2014-08-14 23:07 - 2014-08-14 21:55 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\istart123
2014-08-14 23:23 - 2012-11-29 17:59 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-478063614-3405397891-931207975-1001
2014-08-14 23:15 - 2014-08-14 21:54 - 00000000 ____D () C:\Program Files (x86)\ver6click-n-mark
2014-08-15 21:41 - 2012-12-19 20:19 - 00000000 ____D () C:\Program Files (x86)\CouponMatcher

EmptyTemp:
Reboot:



*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dbf8f55-71ed-4e0e-8e34-7a5ef1183176}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5dbf8f55-71ed-4e0e-8e34-7a5ef1183176}" => Key deleted successfully.
 => Should not be moved.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default\Extensions\faststartff@gmail.com => Moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default\Extensions\wojxhzve@sicypwnp.edu => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: istart123 ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbgehbnkcapfhinmdelogofilhlommd => Moved successfully.
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbeaeacnffjpnodemllopecegchjefhb => Moved successfully.
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbgehbnkcapfhinmdelogofilhlommd\2.0 directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma" => Key deleted successfully.
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E44CE848-2EBE-45F4-A56C-818419AC4744}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Idle~Crawler Runner" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2CC72D1-715D-4573-8F10-5ABA8C069264}" => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle~Crawler Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Idle~Crawler Update" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E44CE848-2EBE-45F4-A56C-818419AC4744}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Idle~Crawler Runner" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5A0AC1-C318-4415-AA5E-FCD345613F87}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5A0AC1-C318-4415-AA5E-FCD345613F87}" => Key deleted successfully.
C:\Windows\System32\Tasks\6da78b41-e5af-4b61-baff-7e889a0bb2b7-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6da78b41-e5af-4b61-baff-7e889a0bb2b7-5" => Key deleted successfully.
be0fb33b => Service deleted successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
"C:\Program Files (x86)\Fralimbo" => File/Directory not found.
C:\ProgramData\SetStretch.exe => Moved successfully.
%LOCALAPPDATA%\Idle~Crawler => Error: No automatic fix found for this entry.
C:\Program Files (x86)\globalUpdate => Moved successfully.
"C:\Program Files (x86)\CinemaBig-1.1" => File/Directory not found.
"C:\Users\Nick\AppData\Local\Idle~Crawler" => File/Directory not found.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf => Moved successfully.
C:\Users\Nick\AppData\Local\Torch => Moved successfully.
C:\Users\Nick\AppData\Local\globalUpdate => Moved successfully.
C:\Users\Nick\AppData\Local\Comodo => Moved successfully.
C:\Users\Nick\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Torch => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$ => Moved successfully.
C:\Users\Guest\AppData\Local\Torch => Moved successfully.
C:\Users\Guest\AppData\Local\Google => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo => Moved successfully.
C:\Users\Guest\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Guest => Moved successfully.
C:\Users\Administrator\AppData\Local\Torch => Moved successfully.
C:\Users\Administrator\AppData\Local\Google => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo => Moved successfully.
C:\Users\Administrator\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Administrator => Moved successfully.
C:\ProgramData\f7643d545d73d6ec => Moved successfully.
C:\ProgramData\cosstminn => Moved successfully.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
C:\ProgramData\IePluginServices => Moved successfully.
C:\Program Files (x86)\Supporter => Moved successfully.
C:\Program Files (x86)\cosstminn => Moved successfully.
C:\Windows\System32\Tasks\{4B32D006-02A1-4293-A1DB-AC1A143E4222} => Moved successfully.
C:\Users\Nick\AppData\Roaming\istart123 => Moved successfully.
C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-478063614-3405397891-931207975-1001 => Moved successfully.
C:\Program Files (x86)\ver6click-n-mark => Moved successfully.
C:\Program Files (x86)\CouponMatcher => Moved successfully.
EmptyTemp: => Removed 340.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Link to post
Share on other sites
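Added example (not part of the thread and not FRST's own code): a Python triage of the result section of the Fixlog posted above, grouping each result line by outcome so the entries the fix did not resolve stand out. The sample text is a handful of lines copied from that Fixlog; the category names and the functions `result_lines`, `classify`, `triage` and `needs_follow_up` are assumptions made for this example.

```python
import re

# Constructed sample: lines copied from the Fixlog posted above, shortened
# to one or two entries per outcome so the example runs offline.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\SetStretch.exe
%LOCALAPPDATA%\Idle~Crawler
EmptyTemp:
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
 => Should not be moved.
Firefox newtab deleted successfully.
CHR DefaultSearchProvider: istart123 ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbgehbnkcapfhinmdelogofilhlommd\2.0 directory not found.
be0fb33b => Service deleted successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
%LOCALAPPDATA%\Idle~Crawler => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\CinemaBig-1.1" => File/Directory not found.
EmptyTemp: => Removed 340.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
'''

# Outcome categories are this example's own labels (assumption), checked in order.
RULES = [
    ("error",   re.compile(r"\berror\b", re.I)),
    ("manual",  re.compile(r"can be used to fix", re.I)),
    ("skipped", re.compile(r"should not be moved", re.I)),
    ("absent",  re.compile(r"not found", re.I)),
    ("ok",      re.compile(r"successfully|\bremoved\b|\bdone\b|\bcompleted\b", re.I)),
]
# "<target> => <outcome>"; the log also uses "==>" on some lines.
SPLIT = re.compile(r"^(?P<target>.*?)\s*={1,2}>\s*(?P<outcome>.+)$")
STARS = re.compile(r"\*{5,}")


def result_lines(fixlog_text):
    """Return the non-empty result lines: everything after the second row of
    asterisks (the end of the echoed fixlist) up to the End-of-Fixlog marker."""
    lines = fixlog_text.splitlines()
    stars = [i for i, line in enumerate(lines) if STARS.fullmatch(line.strip())]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    out = []
    for line in lines[start:]:
        line = line.strip()
        if line.startswith("==== End of Fixlog"):
            break
        if line:
            out.append(line)
    return out


def classify(outcome):
    """Map an outcome message to the first matching category, else 'info'."""
    for name, pattern in RULES:
        if pattern.search(outcome):
            return name
    return "info"


def triage(fixlog_text):
    """Group result targets by outcome category."""
    groups = {name: [] for name, _ in RULES}
    groups["info"] = []
    for line in result_lines(fixlog_text):
        m = SPLIT.match(line)
        # Lines without "=>" (e.g. "Firefox newtab deleted successfully.")
        # are kept whole as both target and outcome.
        target, outcome = (m["target"], m["outcome"]) if m else (line, line)
        groups[classify(outcome)].append(target)
    return groups


def needs_follow_up(fixlog_text):
    """Entries the fix did not resolve by itself: errors and manual steps."""
    groups = triage(fixlog_text)
    return groups["error"] + groups["manual"]


if __name__ == "__main__":
    for category, targets in triage(SAMPLE_FIXLOG).items():
        print(f"{category:8} {len(targets)}")
    for target in needs_follow_up(SAMPLE_FIXLOG):
        print("follow up:", target)
```

On the sample, the two follow-up entries are the `%LOCALAPPDATA%\Idle~Crawler` line that FRST reported it could not fix automatically and the Chrome default search provider that the log says must be reset in Chrome's settings.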

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Nick (administrator) on NICK on 21-08-2014 19:30:48
Running from C:\Users\Nick\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\wscstub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll
HKLM\...\Run: [btTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-11-10] (RealNetworks, Inc.)
HKLM-x32\...\Run: [NortonSupport] => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\symerr.exe [70496 2014-01-30] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-478063614-3405397891-931207975-1001\...\Run: [EPSON1DE313 (Epson Stylus NX430)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2011-01-21] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-478063614-3405397891-931207975-1001\...\Run: [spotify Web Helper] => C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {DFE70978-FFE3-49E7-B8EA-F9A933D13491} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-10]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-08-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-04]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istart123.com/?type=sc&ts=1408071292&from=ymb&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX91C227163971639

Chrome:
=======
CHR DefaultSearchProvider: istart123
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-10]
CHR Extension: (Google Search) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-10]
CHR Extension: (RealDownloader) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-10]
CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-17] (McAfee, Inc.)
R2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2012-12-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-12-26] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182312 2012-12-26] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-08-01] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-14] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140821.001\IDSvia64.sys [525016 2014-08-13] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2012-12-26] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-12-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140821.008\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140821.008\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1505000.013\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 19:01 - 2014-08-21 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-20 22:28 - 2014-08-20 22:28 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 22:28 - 2014-08-20 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 22:28 - 2014-08-20 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 22:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-20 22:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-20 22:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 21:38 - 2014-08-19 21:38 - 00000412 _____ () C:\Windows\Tasks\click-n-mark_wd.job
2014-08-19 20:48 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Nick\Desktop\TDSSKiller.exe
2014-08-19 20:47 - 2014-08-19 20:47 - 04161313 _____ () C:\Users\Nick\Downloads\tdsskiller(1).zip
2014-08-18 21:36 - 2014-08-18 21:36 - 00001597 _____ () C:\Users\Nick\Desktop\ark.txt
2014-08-18 21:36 - 2014-08-18 21:36 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-18 21:27 - 2014-08-18 21:27 - 00283816 _____ () C:\Windows\Minidump\081814-108281-01.dmp
2014-08-18 21:24 - 2014-08-18 21:24 - 00380416 _____ () C:\Users\Nick\Downloads\qpuovut1.exe
2014-08-18 21:19 - 2014-08-18 21:27 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 21:19 - 2014-08-18 21:20 - 00288128 _____ () C:\Windows\Minidump\081814-114546-01.dmp
2014-08-18 21:16 - 2014-08-18 21:16 - 00380416 _____ () C:\Users\Nick\Downloads\eybbxd6f.exe
2014-08-17 21:48 - 2014-08-17 21:48 - 00003401 _____ () C:\Users\Nick\Desktop\RKreport_SCN_08172014_214816.log
2014-08-17 19:34 - 2014-08-17 21:35 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-17 19:34 - 2014-08-17 19:34 - 05421656 _____ () C:\Users\Nick\Downloads\RogueKillerX64.exe
2014-08-17 19:34 - 2014-08-17 19:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-17 18:18 - 2014-08-17 21:09 - 00021755 _____ () C:\Users\Nick\Downloads\Addition.txt
2014-08-17 18:17 - 2014-08-21 19:31 - 00027525 _____ () C:\Users\Nick\Downloads\FRST.txt
2014-08-17 18:16 - 2014-08-21 19:30 - 00000000 ____D () C:\FRST
2014-08-17 18:16 - 2014-08-17 18:16 - 02101760 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2014-08-17 13:13 - 2014-08-17 13:13 - 00005078 _____ () C:\Users\Nick\Desktop\JRT.txt
2014-08-17 13:03 - 2014-08-17 13:03 - 01016261 _____ (Thisisu) C:\Users\Nick\Downloads\JRT(1).exe
2014-08-17 13:03 - 2014-08-17 13:03 - 00000000 ____D () C:\Windows\ERUNT
2014-08-17 12:59 - 2014-08-17 12:59 - 00000926 _____ () C:\Users\Nick\Desktop\NTREGOPT.lnk
2014-08-17 12:59 - 2014-08-17 12:59 - 00000907 _____ () C:\Users\Nick\Desktop\ERUNT.lnk
2014-08-17 12:59 - 2014-08-17 12:59 - 00000000 ____D () C:\Windows\ERDNT
2014-08-17 12:59 - 2014-08-17 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-08-17 12:58 - 2014-08-17 12:59 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-08-17 12:58 - 2014-08-17 12:58 - 00791393 _____ (Lars Hederer ) C:\Users\Nick\Downloads\erunt-setup.exe
2014-08-17 12:41 - 2014-08-17 12:43 - 04161313 _____ () C:\Users\Nick\Downloads\tdsskiller.zip
2014-08-17 12:41 - 2014-08-17 12:41 - 00000000 ____D () C:\Users\Nick\Downloads\tdsskiller
2014-08-17 12:24 - 2014-08-17 12:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nick\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-17 12:14 - 2014-08-17 12:15 - 00001702 _____ () C:\Users\Nick\Desktop\Rkill.txt
2014-08-17 12:14 - 2014-08-17 12:14 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Nick\Downloads\rkill.exe
2014-08-17 12:14 - 2014-08-17 12:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Nick\Downloads\rkill64.exe
2014-08-17 12:00 - 2014-08-17 12:00 - 00000347 _____ () C:\Users\Nick\Downloads\FRST.exe
2014-08-15 22:38 - 2014-08-15 22:40 - 30517960 _____ (Microsoft Corporation) C:\Users\Nick\Downloads\Windows-KB890830-x64-V5.15.exe
2014-08-15 21:37 - 2014-08-15 21:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nick\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 23:37 - 2014-08-14 23:37 - 00000000 _____ () C:\autoexec.bat
2014-08-14 23:36 - 2014-08-17 11:58 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-14 23:36 - 2014-08-14 23:36 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-14 23:34 - 2014-08-14 23:34 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Nick\Downloads\sh-remover.exe
2014-08-14 22:48 - 2014-08-18 21:22 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-14 22:47 - 2014-08-18 21:21 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-08-14 22:47 - 2014-08-14 22:47 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-14 22:47 - 2014-08-14 22:47 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-14 22:47 - 2014-08-14 22:47 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-14 22:46 - 2014-08-18 21:22 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-08-14 22:46 - 2014-08-18 21:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-08-14 22:46 - 2014-08-14 22:49 - 00000000 ____D () C:\ProgramData\Norton
2014-08-14 22:46 - 2014-08-14 22:46 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-08-14 22:39 - 2014-08-14 22:45 - 231648632 ____N (Symantec Corporation) C:\Users\Nick\Downloads\N360_21.1.0.18_SYMTB_PROMO_4_MRFTT_830_10145-US1.exe
2014-08-14 22:38 - 2014-08-14 22:38 - 00189320 _____ (Kaspersky Lab) C:\Users\Nick\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6227.exe
2014-08-14 22:31 - 2014-08-14 23:03 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\PC Safe PRO
2014-08-14 22:31 - 2014-08-14 22:31 - 00003438 _____ () C:\Windows\System32\Tasks\PCSafePRO_Popup
2014-08-14 21:59 - 2014-08-14 21:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\32480
2014-08-14 21:58 - 2014-08-14 23:03 - 00000000 ____D () C:\Users\Nick\Documents\PCSafePRO
2014-08-14 21:58 - 2014-08-14 21:58 - 00000000 ____D () C:\Users\Nick\AppData\Local\Fusion_Tech_Software,_LLC
2014-08-14 21:55 - 2014-08-15 21:36 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-14 21:54 - 2014-08-14 23:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-14 21:53 - 2014-08-14 21:53 - 00000000 ____D () C:\ProgramData\Online
2014-08-14 21:52 - 2014-08-14 23:44 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\serv
2014-08-14 21:52 - 2014-08-14 21:53 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\device
2014-08-14 21:49 - 2014-08-14 21:49 - 00300920 _____ () C:\Users\Nick\Downloads\setup(1).exe
2014-08-14 21:48 - 2014-08-14 21:48 - 00300920 _____ () C:\Users\Nick\Downloads\setup.exe
2014-08-03 15:21 - 2014-08-03 15:21 - 00000000 ____D () C:\Users\Nick\Downloads\FrozenLetter2014
2014-08-03 14:51 - 2014-08-03 15:19 - 84392476 _____ () C:\Users\Nick\Downloads\FrozenLetter2014.rar
2014-07-29 21:53 - 2014-07-29 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 19:48 - 2014-07-28 19:48 - 00307904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-28 07:35 - 2014-06-26 15:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-28 07:35 - 2014-06-26 15:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-27 22:20 - 2014-07-27 22:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-26 12:57 - 2014-07-26 12:57 - 00019692 _____ () C:\Users\Nick\Desktop\139797130W.jpeg
2014-07-25 21:34 - 2014-05-03 00:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-25 21:34 - 2014-05-02 22:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-25 21:33 - 2014-06-30 17:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-25 21:33 - 2014-06-30 17:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-25 21:33 - 2014-06-30 17:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-25 21:33 - 2014-06-27 22:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-25 21:33 - 2014-06-18 21:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 21:33 - 2014-06-18 21:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 21:33 - 2014-06-18 21:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-25 21:33 - 2014-06-18 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-25 21:33 - 2014-06-18 21:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 21:33 - 2014-06-18 21:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 21:33 - 2014-06-18 21:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 21:33 - 2014-06-18 21:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 21:33 - 2014-06-18 21:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 21:33 - 2014-06-18 21:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 21:33 - 2014-06-18 19:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 21:33 - 2014-06-18 19:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-25 21:33 - 2014-06-18 19:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 21:33 - 2014-06-18 19:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 21:33 - 2014-06-18 19:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-25 21:33 - 2014-06-18 19:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 21:33 - 2014-06-18 19:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 21:33 - 2014-06-18 19:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 21:33 - 2014-06-18 19:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-25 21:33 - 2014-06-18 19:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 21:33 - 2014-06-18 19:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-25 21:33 - 2014-06-18 19:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 21:33 - 2014-06-18 19:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 21:33 - 2014-06-18 19:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 21:33 - 2014-06-18 19:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 21:33 - 2014-06-18 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 21:33 - 2014-06-18 17:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-25 21:33 - 2014-06-17 18:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-25 21:33 - 2014-06-17 18:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-25 21:33 - 2014-06-10 23:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-25 21:33 - 2014-05-29 18:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-25 21:33 - 2014-05-29 18:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-25 21:33 - 2014-05-29 18:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-25 21:33 - 2014-05-29 18:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-25 21:33 - 2014-04-29 17:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-25 21:33 - 2014-04-29 17:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-25 21:33 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-07-25 21:33 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-07-25 21:33 - 2014-03-31 17:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-07-25 21:33 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-07-25 21:33 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-07-25 21:32 - 2014-06-18 21:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 21:32 - 2014-06-18 21:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 21:32 - 2014-06-18 19:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 21:32 - 2014-06-18 19:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 21:32 - 2014-06-18 19:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 21:32 - 2014-06-18 19:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 21:32 - 2014-06-18 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-25 21:32 - 2014-06-06 09:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-25 21:32 - 2014-06-06 05:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-25 21:32 - 2014-06-02 17:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-25 21:32 - 2014-05-29 17:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-25 21:32 - 2014-04-03 06:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-25 21:32 - 2014-03-06 19:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-25 21:32 - 2014-03-06 19:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 19:31 - 2014-08-17 18:17 - 00027525 _____ () C:\Users\Nick\Downloads\FRST.txt
2014-08-21 19:30 - 2014-08-17 18:16 - 00000000 ____D () C:\FRST
2014-08-21 19:06 - 2013-11-10 18:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 19:01 - 2014-08-21 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-21 19:00 - 2012-11-29 17:52 - 00000408 _____ () C:\Users\Nick\AppData\Roaming\sp_data.sys
2014-08-21 18:59 - 2013-11-10 18:25 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 18:59 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-20 22:38 - 2013-04-27 10:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 22:35 - 2012-12-26 00:44 - 00795648 ___SH () C:\Users\Nick\Desktop\Thumbs.db
2014-08-20 22:29 - 2012-12-01 22:12 - 00000000 ____D () C:\Users\Nick\AppData\Local\CrashDumps
2014-08-20 22:28 - 2014-08-20 22:28 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 22:28 - 2014-08-20 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 22:28 - 2014-08-20 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 22:22 - 2012-08-01 20:20 - 00048276 _____ () C:\Windows\PFRO.log
2014-08-20 22:22 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 21:38 - 2014-08-19 21:38 - 00000412 _____ () C:\Windows\Tasks\click-n-mark_wd.job
2014-08-19 20:47 - 2014-08-19 20:47 - 04161313 _____ () C:\Users\Nick\Downloads\tdsskiller(1).zip
2014-08-18 21:36 - 2014-08-18 21:36 - 00001597 _____ () C:\Users\Nick\Desktop\ark.txt
2014-08-18 21:36 - 2014-08-18 21:36 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-18 21:32 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-18 21:27 - 2014-08-18 21:27 - 00283816 _____ () C:\Windows\Minidump\081814-108281-01.dmp
2014-08-18 21:27 - 2014-08-18 21:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 21:27 - 2012-11-29 17:48 - 00000000 ____D () C:\Users\Nick
2014-08-18 21:25 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-18 21:24 - 2014-08-18 21:24 - 00380416 _____ () C:\Users\Nick\Downloads\qpuovut1.exe
2014-08-18 21:22 - 2014-08-14 22:48 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-18 21:22 - 2014-08-14 22:46 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-08-18 21:21 - 2014-08-14 22:47 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-08-18 21:21 - 2014-08-14 22:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-08-18 21:20 - 2014-08-18 21:19 - 00288128 _____ () C:\Windows\Minidump\081814-114546-01.dmp
2014-08-18 21:16 - 2014-08-18 21:16 - 00380416 _____ () C:\Users\Nick\Downloads\eybbxd6f.exe
2014-08-18 20:04 - 2012-11-29 17:49 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2014-08-17 21:48 - 2014-08-17 21:48 - 00003401 _____ () C:\Users\Nick\Desktop\RKreport_SCN_08172014_214816.log
2014-08-17 21:35 - 2014-08-17 19:34 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-17 21:09 - 2014-08-17 18:18 - 00021755 _____ () C:\Users\Nick\Downloads\Addition.txt
2014-08-17 21:04 - 2012-12-01 23:53 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\uTorrent
2014-08-17 19:34 - 2014-08-17 19:34 - 05421656 _____ () C:\Users\Nick\Downloads\RogueKillerX64.exe
2014-08-17 19:34 - 2014-08-17 19:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-17 18:16 - 2014-08-17 18:16 - 02101760 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2014-08-17 17:33 - 2013-11-10 18:29 - 00003330 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-478063614-3405397891-931207975-1001
2014-08-17 13:13 - 2014-08-17 13:13 - 00005078 _____ () C:\Users\Nick\Desktop\JRT.txt
2014-08-17 13:03 - 2014-08-17 13:03 - 01016261 _____ (Thisisu) C:\Users\Nick\Downloads\JRT(1).exe
2014-08-17 13:03 - 2014-08-17 13:03 - 00000000 ____D () C:\Windows\ERUNT
2014-08-17 12:59 - 2014-08-17 12:59 - 00000926 _____ () C:\Users\Nick\Desktop\NTREGOPT.lnk
2014-08-17 12:59 - 2014-08-17 12:59 - 00000907 _____ () C:\Users\Nick\Desktop\ERUNT.lnk
2014-08-17 12:59 - 2014-08-17 12:59 - 00000000 ____D () C:\Windows\ERDNT
2014-08-17 12:59 - 2014-08-17 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-08-17 12:59 - 2014-08-17 12:58 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-08-17 12:58 - 2014-08-17 12:58 - 00791393 _____ (Lars Hederer ) C:\Users\Nick\Downloads\erunt-setup.exe
2014-08-17 12:43 - 2014-08-17 12:41 - 04161313 _____ () C:\Users\Nick\Downloads\tdsskiller.zip
2014-08-17 12:41 - 2014-08-17 12:41 - 00000000 ____D () C:\Users\Nick\Downloads\tdsskiller
2014-08-17 12:24 - 2014-08-17 12:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nick\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-17 12:15 - 2014-08-17 12:14 - 00001702 _____ () C:\Users\Nick\Desktop\Rkill.txt
2014-08-17 12:14 - 2014-08-17 12:14 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Nick\Downloads\rkill.exe
2014-08-17 12:14 - 2014-08-17 12:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Nick\Downloads\rkill64.exe
2014-08-17 12:00 - 2014-08-17 12:00 - 00000347 _____ () C:\Users\Nick\Downloads\FRST.exe
2014-08-17 11:58 - 2014-08-14 23:36 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-15 22:40 - 2014-08-15 22:38 - 30517960 _____ (Microsoft Corporation) C:\Users\Nick\Downloads\Windows-KB890830-x64-V5.15.exe
2014-08-15 21:42 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-15 21:38 - 2014-08-15 21:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nick\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-15 21:36 - 2014-08-14 21:55 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-14 23:44 - 2014-08-14 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\serv
2014-08-14 23:43 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-14 23:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-14 23:37 - 2014-08-14 23:37 - 00000000 _____ () C:\autoexec.bat
2014-08-14 23:36 - 2014-08-14 23:36 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-14 23:34 - 2014-08-14 23:34 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Nick\Downloads\sh-remover.exe
2014-08-14 23:14 - 2014-08-14 21:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-14 23:03 - 2014-08-14 22:31 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\PC Safe PRO
2014-08-14 23:03 - 2014-08-14 21:58 - 00000000 ____D () C:\Users\Nick\Documents\PCSafePRO
2014-08-14 22:49 - 2014-08-14 22:46 - 00000000 ____D () C:\ProgramData\Norton
2014-08-14 22:47 - 2014-08-14 22:47 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-14 22:47 - 2014-08-14 22:47 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-14 22:47 - 2014-08-14 22:47 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-14 22:46 - 2014-08-14 22:46 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-08-14 22:45 - 2014-08-14 22:39 - 231648632 ____N (Symantec Corporation) C:\Users\Nick\Downloads\N360_21.1.0.18_SYMTB_PROMO_4_MRFTT_830_10145-US1.exe
2014-08-14 22:38 - 2014-08-14 22:38 - 00189320 _____ (Kaspersky Lab) C:\Users\Nick\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6227.exe
2014-08-14 22:31 - 2014-08-14 22:31 - 00003438 _____ () C:\Windows\System32\Tasks\PCSafePRO_Popup
2014-08-14 22:16 - 2013-11-18 21:53 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Malwarebytes
2014-08-14 22:16 - 2013-01-31 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 21:59 - 2014-08-14 21:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\32480
2014-08-14 21:58 - 2014-08-14 21:58 - 00000000 ____D () C:\Users\Nick\AppData\Local\Fusion_Tech_Software,_LLC
2014-08-14 21:55 - 2013-11-10 18:25 - 00002395 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-14 21:55 - 2013-04-23 20:46 - 00001359 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-14 21:54 - 2013-11-10 18:24 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2014-08-14 21:54 - 2013-11-10 18:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-14 21:54 - 2013-04-23 20:46 - 00001371 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-14 21:54 - 2012-11-29 17:51 - 00001654 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-14 21:54 - 2012-07-26 02:21 - 00035958 _____ () C:\Windows\setupact.log
2014-08-14 21:53 - 2014-08-14 21:53 - 00000000 ____D () C:\ProgramData\Online
2014-08-14 21:53 - 2014-08-14 21:52 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\device
2014-08-14 21:49 - 2014-08-14 21:49 - 00300920 _____ () C:\Users\Nick\Downloads\setup(1).exe
2014-08-14 21:48 - 2014-08-14 21:48 - 00300920 _____ () C:\Users\Nick\Downloads\setup.exe
2014-08-10 22:37 - 2012-12-01 20:44 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Spotify
2014-08-08 21:06 - 2012-12-01 20:45 - 00000000 ____D () C:\Users\Nick\AppData\Local\Spotify
2014-08-03 17:56 - 2012-12-02 00:29 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\vlc
2014-08-03 15:21 - 2014-08-03 15:21 - 00000000 ____D () C:\Users\Nick\Downloads\FrozenLetter2014
2014-08-03 15:19 - 2014-08-03 14:51 - 84392476 _____ () C:\Users\Nick\Downloads\FrozenLetter2014.rar
2014-07-31 23:41 - 2012-12-12 23:32 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-30 20:54 - 2012-10-27 22:03 - 01519225 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 21:55 - 2013-04-23 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-29 21:53 - 2014-07-29 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 20:46 - 2014-06-01 14:24 - 00000000 ____D () C:\Windows\rescache
2014-07-28 19:48 - 2014-07-28 19:48 - 00307904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-27 22:20 - 2014-07-27 22:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-27 22:20 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-27 22:20 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-27 22:20 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-26 12:57 - 2014-07-26 12:57 - 00019692 _____ () C:\Users\Nick\Desktop\139797130W.jpeg
2014-07-26 02:01 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-26 01:57 - 2013-08-18 12:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-25 21:36 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-16 10:34

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Nick at 2014-08-21 19:32:19
Running from C:\Users\Nick\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
istart123 uninstall (HKLM-x32\...\istart123 uninstall) (Version:  - istart123)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JNLP (HKCU\...\JNLP) (Version:  - JNLP)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 11.6.443 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
Office Suite X 3.3 (HKLM-x32\...\{1F56A6C9-81CA-4B5F-B471-8CCB13CF85DA}) (Version: 3.3.9567 - Office Suite X)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version:  - Costmin) <==== ATTENTION
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-08-2014 02:23:29 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {22F05E5B-0F2D-4349-97D2-E5D19F27129C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2BC7A53A-FD72-47FB-8BA5-CC6EE5C48961} - System32\Tasks\PCSafePRO_Popup => C:\Program Files (x86)\PC Safe PRO\Splash.exe
Task: {37719543-60C0-4007-913F-D110907E10F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3CDDF0E5-BEA2-400C-ADEA-2B66D8E8CBBA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {4D3CB462-3415-4F6A-A144-C76FAD88A4C6} - \{4B32D006-02A1-4293-A1DB-AC1A143E4222} No Task File <==== ATTENTION
Task: {501F02FA-DC46-4764-BED6-516613068A17} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {6D056E02-279F-4679-944B-4C714A62957F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7D5A6B65-35F9-46CA-851A-3CCB4A79B13F} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {884BB949-3A11-4D5A-930D-60AD25AF9CCF} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {8A7680ED-7423-4B31-876A-CDBF07AF3B4A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-478063614-3405397891-931207975-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {992072FF-9258-4C6F-9482-D6F3BEE0D2BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9D5F8682-1233-49F8-8E85-F98060BDEBFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {9D604D81-026D-421C-BE7D-8DC15CEBAD99} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AC284CCC-5CF8-4A8D-90DE-37D1036BC6EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-31] (Microsoft Corporation)
Task: {AC539887-376B-4F0C-860C-5AE9747D971E} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {AE9DF9E8-C624-4DF7-B6E1-874086E35F7F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C04C63C6-CE1C-4CE3-A30F-3B8243A21AA9} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D473ED53-66E0-48DB-A5C1-7967029C3A04} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F5255196-6D56-4C97-B824-E16D8B9A797B} - \Optimize Start Menu Cache Files-S-1-5-21-478063614-3405397891-931207975-1001 No Task File <==== ATTENTION
Task: {F79DB322-6DF6-41B1-8F8C-E815F51CC423} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {FD66EA3A-DEBB-4A93-B114-4EF689C7AFEC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\click-n-mark_wd.job => C:\Program Files (x86)\ver6click-n-mark\E9click-n-markJ.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-07-26 02:58 - 2012-07-26 02:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-10 20:28 - 2012-08-10 20:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-11-28 17:13 - 2012-11-28 17:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 17:13 - 2012-11-28 17:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-27 21:47 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-08-24 19:17 - 2012-08-24 19:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-07-29 21:53 - 2014-07-29 21:53 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2014 10:29:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1628
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/20/2014 10:28:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x138c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/20/2014 10:25:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1598
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/20/2014 10:24:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x3b8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/20/2014 10:19:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0xf88
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/20/2014 08:23:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2014 09:15:48 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Explorer because of this error.

Program: Internet Explorer
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (08/18/2014 09:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17028, time stamp: 0x53a20947
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000001d
Fault offset: 0x045a0ed0
Faulting process id: 0x2094
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (08/18/2014 08:34:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/17/2014 11:08:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15593


System errors:
=============
Error: (08/21/2014 06:59:34 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends on the following service: MpsSvc. This service might not be installed.

Error: (08/21/2014 06:59:34 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends on the following service: MpsSvc. This service might not be installed.

Error: (08/20/2014 10:26:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends on the following service: MpsSvc. This service might not be installed.

Error: (08/20/2014 10:26:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends on the following service: MpsSvc. This service might not be installed.

Error: (08/20/2014 10:25:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/20/2014 10:22:42 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends on the following service: BFE. This service might not be installed.

Error: (08/20/2014 10:22:40 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends on the following service: MpsSvc. This service might not be installed.

Error: (08/20/2014 10:22:37 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.

Error: (08/20/2014 10:22:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/20/2014 10:21:09 PM) (Source: DCOM) (EventID: 10010) (User: NICK)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}


Microsoft Office Sessions:
=========================
Error: (08/20/2014 10:29:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd162801cfbcf013456fecC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll510e9849-28e3-11e4-beda-dc85de77ecf2

Error: (08/20/2014 10:28:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd138c01cfbcf00af51907C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll4911b4ed-28e3-11e4-beda-dc85de77ecf2

Error: (08/20/2014 10:25:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd159801cfbcef9578bcd4C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlld341e53f-28e2-11e4-beda-dc85de77ecf2

Error: (08/20/2014 10:24:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd3b801cfbcef754f8099C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllb98a99f8-28e2-11e4-beda-dc85de77ecf2

Error: (08/20/2014 10:19:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bf8801cfbcd184839302C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllfc8a3e41-28e1-11e4-bed9-dc85de77ecf2

Error: (08/20/2014 08:23:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (08/18/2014 09:15:48 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Internet Explorer000000000

Error: (08/18/2014 09:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947unknown0.0.0.000000000c000001d045a0ed0209401cfbb4b1c637b1eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownbbb16721-2746-11e4-bed6-dc85de77ecf2

Error: (08/18/2014 08:34:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (08/17/2014 11:08:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15593


==================== Memory info ===========================

Processor: Intel® Core i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 38%
Total physical RAM: 3979.79 MB
Available physical RAM: 2464.32 MB
Total Pagefile: 8075.79 MB
Available Pagefile: 6156.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:2.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:157.84 GB) (Free:157.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 944CB54D)

Partition: GPT Partition Type.

==================== End Of Log ============================


We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    istart123 uninstall
    Supporter 1.80
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

fixlist.txt


I was able to uninstall istart123 and Support 1.80 using Revo Uninstaller.  Thank you.

 

Next I ran FRST and will post the log as a new reply.

 

However, I still cannot open Malwarebytes Antimalware.  Also, my browser still automatically opens to the istart homepage, even after I go into options and change the homepage. 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2014
Ran by Nick at 2014-08-23 10:10:27 Run:2
Running from C:\Users\Nick\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: C:\Windows\Tasks\click-n-mark_wd.job => C:\Program Files (x86)\ver6click-n-mark\E9click-n-markJ.exe
Task: {F79DB322-6DF6-41B1-8F8C-E815F51CC423} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F5255196-6D56-4C97-B824-E16D8B9A797B} - \Optimize Start Menu Cache Files-S-1-5-21-478063614-3405397891-931207975-1001 No Task File <==== ATTENTION
Task: {884BB949-3A11-4D5A-930D-60AD25AF9CCF} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4D3CB462-3415-4F6A-A144-C76FAD88A4C6} - \{4B32D006-02A1-4293-A1DB-AC1A143E4222} No Task File <==== ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default\extensions\faststartff@gmail.com
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL File Not Found

C:\Program Files (x86)\ver6click-n-mark
2014-08-15 21:36 - 2014-08-14 21:55 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect

EmptyTemp:
*****************

C:\Windows\Tasks\click-n-mark_wd.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F79DB322-6DF6-41B1-8F8C-E815F51CC423}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F79DB322-6DF6-41B1-8F8C-E815F51CC423}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5255196-6D56-4C97-B824-E16D8B9A797B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5255196-6D56-4C97-B824-E16D8B9A797B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-478063614-3405397891-931207975-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{884BB949-3A11-4D5A-930D-60AD25AF9CCF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{884BB949-3A11-4D5A-930D-60AD25AF9CCF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D3CB462-3415-4F6A-A144-C76FAD88A4C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3CB462-3415-4F6A-A144-C76FAD88A4C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B32D006-02A1-4293-A1DB-AC1A143E4222}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
"C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL" => Value Data removed successfully.
"C:\Program Files (x86)\ver6click-n-mark" => File/Directory not found.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
EmptyTemp: => Removed 352 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


I followed that exact order.  I ran FRST fix and after the automatic restart I attempted to open Malwarebytes without ever opening a web browser.  It did not work and I gave it a couple tries.

 

Here are the new fix results just in case...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2014
Ran by Nick at 2014-08-25 21:01:30 Run:5
Running from C:\Users\Nick\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: C:\Windows\Tasks\click-n-mark_wd.job => C:\Program Files (x86)\ver6click-n-mark\E9click-n-markJ.exe
Task: {F79DB322-6DF6-41B1-8F8C-E815F51CC423} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F5255196-6D56-4C97-B824-E16D8B9A797B} - \Optimize Start Menu Cache Files-S-1-5-21-478063614-3405397891-931207975-1001 No Task File <==== ATTENTION
Task: {884BB949-3A11-4D5A-930D-60AD25AF9CCF} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4D3CB462-3415-4F6A-A144-C76FAD88A4C6} - \{4B32D006-02A1-4293-A1DB-AC1A143E4222} No Task File <==== ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default\extensions\faststartff@gmail.com
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL File Not Found

C:\Program Files (x86)\ver6click-n-mark
2014-08-15 21:36 - 2014-08-14 21:55 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect

EmptyTemp:
*****************

C:\Windows\Tasks\click-n-mark_wd.job not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F79DB322-6DF6-41B1-8F8C-E815F51CC423}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5255196-6D56-4C97-B824-E16D8B9A797B}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-478063614-3405397891-931207975-1001" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{884BB949-3A11-4D5A-930D-60AD25AF9CCF}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3CB462-3415-4F6A-A144-C76FAD88A4C6}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B32D006-02A1-4293-A1DB-AC1A143E4222}" => Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => Value not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL" => Value Data not found.
"C:\Program Files (x86)\ver6click-n-mark" => File/Directory not found.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
EmptyTemp: => Removed 25.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Follow this set of instructions to remove Malwarebytes: https://forums.malwarebytes.org/index.php?/topic/122284-mbam-clean-removal-process/

When finished, follow my instructions to reinstall it:

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


It worked!  Thank you.

 

Now, the scan did not detect any malicious items.  However, my browser still automatically opens to that istart123 homepage, no matter if I try to change it in Options.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/26/2014
Scan Time: 8:11:08 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Nick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 237435
Time Elapsed: 20 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\FRST\Quarantine\C\Program Files (x86)\Supporter\Supporter_x64.dll    a variant of Win64/SProtector.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ver6click-n-mark\x64\TandemRunner.exe    a variant of Win64/Adware.AddLyrics.A application    cleaned by deleting - quarantined
C:\Users\Nick\Downloads\Enlightened_Season_1_Complete_720p_secure (1).exe    Win32/TopMedia.B potentially unwanted application    deleted - quarantined
C:\Users\Nick\Downloads\Enlightened_Season_1_Complete_720p_secure.exe    Win32/TopMedia.B potentially unwanted application    deleted - quarantined
C:\Users\Nick\Downloads\Flying_Lotus_-_Until_the_Quiet_Comes_[320kbps]_secure.exe    Win32/TopMedia.B potentially unwanted application    deleted - quarantined
 


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


# AdwCleaner v3.308 - Report created 01/09/2014 at 18:33:13
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Nick - NICK
# Running from : C:\Users\Nick\Downloads\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nick\AppData\Local\Conduit
Folder Deleted : C:\Users\Nick\AppData\Roaming\Device
Folder Deleted : C:\Users\Nick\AppData\Roaming\serv

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\uqearsei.default\prefs.js ]

Line Deleted : user_pref("extensions.GRApvdTpGw.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9209 octets] - [01/09/2014 18:29:30]
AdwCleaner[s0].txt - [8059 octets] - [01/09/2014 18:33:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8119 octets] ##########
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Nick on Mon 09/01/2014 at 18:38:11.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\uqearsei.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/01/2014 at 18:49:46.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 6 Update 22  
 Java version out of Date!
 Adobe Flash Player     14.0.0.145  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (31.0)
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Your system is clean now! :)

 

 

Internet Explorer out of date

Your version of Internet Explorer is outdated.

  1. Please download IE 10 from http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-10/worldwide-languages
  2. Save it to your desktop.
  3. Double click on the file on your desktop to start the installation process.
  4. Reboot

 

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  4. If there is still something left, please delete it manually.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure you have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

